"Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters"

Threat actors with a Google account could exploit a loophole impacting Google Kubernetes Engine (GKE) to take over a Kubernetes cluster. The flaw has been dubbed "Sys:All" by the cloud security company Orca. About 250,000 active GKE clusters in the wild are said to be vulnerable to the attack vector. According to security researcher Ofir Yakobi, there is a common misconception that the system:authenticated group in GKE only includes verified and deterministic identities. However, it includes any Google-authenticated account, even those from outside the organization. The system:authenticated group contains all authenticated entities, including human users and service accounts. Therefore, this could have serious consequences when administrators inadvertently grant it overly permissive roles. This article continues to discuss the potential exploitation and impact of the GKE loophole.

THN reports "Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters"

Submitted by grigby1

Submitted by Gregory Rigby on