Several security flaws have been detected in Google Cloud Shell. One of them was the Docker socket exploit, found by Dutch researcher Wouter ter Maat.
Wouter ter Maat has earned $100,000 for the bug bounty. “Anyone who can communicate with a host-based Docker socket can easily escape the container and gain root access on the host at the same time.” He said the vulnerability has been fixed.
Recently, however, new vulnerabilities were uncovered by an Israeli security researcher.
He took over the Cloud Shell node by exploiting two different vulnerabilities. The vulnerabilities led to secrets exposure, backend and frontend access, and high compute resources.
Chen said that the platform has several issues and potential for lateral movement to the cloud. “To trigger this attack I needed a cgroup, where we can create a release_agent file and trigger release_agent invocation by killing all processes in the cgroup. This way I mounted a cgroup controller and created a child cgroup,” he said.
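A defender-side check for the preconditions quoted above (a host Docker socket reachable from the container, and a writable cgroup v1 hierarchy or the CAP_SYS_ADMIN capability needed to mount one), added here as an example and not code from either researcher or from Google. The function name, finding labels and sample /proc text are assumptions constructed for illustration.

```python
import re

CAP_SYS_ADMIN = 21  # bit position of CAP_SYS_ADMIN in the capability mask


def audit_container(mountinfo: str, status: str) -> list:
    """Flag the escape preconditions the article names, from /proc text."""
    findings = []
    for line in mountinfo.splitlines():
        left, sep, right = line.partition(" - ")
        if not sep:
            continue  # not a mountinfo record
        fields = left.split()
        mount_point, options = fields[4], fields[5].split(",")
        fstype = right.split()[0]
        if mount_point.endswith("docker.sock"):
            findings.append(f"docker-socket:{mount_point}")
        # release_agent exists only in cgroup v1 ("cgroup"), not "cgroup2"
        if fstype == "cgroup" and "rw" in options:
            findings.append(f"writable-cgroup-v1:{mount_point}")
    match = re.search(r"^CapEff:\s*([0-9a-fA-F]+)", status, re.MULTILINE)
    if match and (int(match.group(1), 16) >> CAP_SYS_ADMIN) & 1:
        # CAP_SYS_ADMIN lets a process mount a cgroup controller itself
        findings.append("cap-sys-admin")
    return findings


# Constructed sample input (not captured from Cloud Shell)
SAMPLE_MOUNTINFO = """\
1501 1400 0:52 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
1510 1505 0:30 /docker/abc /sys/fs/cgroup/memory rw,nosuid,nodev - cgroup cgroup rw,memory
1511 1505 0:31 /docker/abc /sys/fs/cgroup/cpu ro,nosuid,nodev - cgroup cgroup rw,cpu
1520 1400 0:24 /docker.sock /run/docker.sock rw,nosuid,nodev - tmpfs tmpfs rw,mode=755
"""
SAMPLE_STATUS = "Name:\tbash\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    for finding in audit_container(SAMPLE_MOUNTINFO, SAMPLE_STATUS):
        print(finding)
```

On a live container, pass the contents of `/proc/self/mountinfo` and `/proc/self/status` instead of the samples; an empty result means none of these preconditions was found.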
The researcher had access to information about Google’s internal dev-ops server found in the node, and to secrets, the vulnerability