medium

Privilege escalation in GCP Cloud SQL

Published Fri, Jun 2nd, 2023

Platforms

gcp

Summary

A vulnerability was discovered in Cloud SQL for SQL Server that allowed customer administrator accounts to create triggers in the tempdb database and use those to gain sysadmin privileges in the instance. The sysadmin privileges would give the attacker access to system databases and partial access to the machine running that SQL Server instance.

Affected Services

Cloud SQL

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://cloud.google.com/support/bulletinshttps://cloud.google.com/sql/docs/security-bulletins

Contributed by https://github.com/ramimac

Entry Status

Finalized

Disclosure Date

-

Exploitability Period

-

Known ITW Exploitation

-

Detection Methods

None

Piercing Index Rating

-

Discovered by

-

More vulnerabilities...

high

Cloud SQL for SQL Server privilege escalation

gcp

A vulnerability discovered in GCP's Cloud SQL service allowed customer administrator accounts to create triggers in the tempdb database and use those to gain sysadmin privileges in the instance. Th...

Dig
low

GuardDuty bypass via S3 permission modification

aws

Threat actors in possession of IAM active credentials that had the power to update S3 bucket policies could have bypassed GuardDuty’s S3 detections and silently updated permissions for S3 resources...

Gem Security
high

API Management SSRF and path traversal vulnerabilities

azure

Azure API Management is an API gateway service meant to help organizations to create, manage, secure, and monitor APIs across all of their environments. Researchers found three high severity vulner...

Liv Matan, Ermetic
View all