Top
image credit: Freepik

Google Cloud Bug Allows Server Takeover From CloudSQL Service

May 25, 2023

Google has fixed a critical flaw in its Google Cloud Platform’s database service that researchers used to gain access to sensitive data and secrets, as well as escalate privileges to breach other cloud services, including potentially those in customer environments.

Researchers at Dig Security identified the vulnerability through a gap in the security layer around the CloudSQL service of GCP, which supports several different database engines — including MySQL, PostgreSQL, and SQL Server — for use in the environment, they revealed in a blog post on May 25.

Read More on Dark Reading