GSD-2022-1002525

Source
https://github.com/cloudsecurityalliance/gsd-database/blob/main/2022/1002xxx/GSD-2022-1002525.json
Published
2022-06-07T19:53:53.732825Z
Modified
2022-06-07T19:53:53.732825Z
Details

In Google Cloud Platform (GCP), all versions as of 2022-06-07 and later (unfixed as of yet) an IP address filtering vulnerability exists in the Kubernetes control plane that can be attacked via other systems within Google Cloud Engine's network (filtering is only applied to external IP addresses) resulting in a bypass of firewall rules and access to the Google Kubernetes Engine (GKE) Authorized Networks (aka Kubernetes control plane) being allowed (please note an attacker would still need credentials to access it).

References

Affected packages

GSD / Google Cloud Platform (GCP)

Google Cloud Platform (GCP)

Affected ranges

Affected versions

Other

All versions as of 2022-06-07 and later (unfixed as of yet)