Google has fixed a critical flaw in its Google Cloud Platform’s database service that researchers used to gain access to sensitive data and secrets, as well as escalate privileges to breach other cloud services, including potentially those in customer environments.
Researchers at Dig Security identified the vulnerability through a gap in the security layer around the CloudSQL service of GCP, which supports several different database engines — including MySQL, PostgreSQL, and SQL Server — for use in the environment, they revealed in a blog post on May 25.