Back to directory
WRITEUP #520

Sys:All: How A Simple Loophole in Google Kubernetes Engine Puts Clusters at Risk of Compromise

CloudKubernetesPrivilege escalation
by@roinisimi(Roi Nisimi)
Program
Google (GKE)
Published
Jan 24, 2024
Added to HackDex
Jan 25, 2024
Read Full Writeuphttps://orca.security/resources/research-pod/sys-all-google-kubernetes-engine-risk/
RELATED WRITEUPS
SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts
AI / LLMAI
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
CloudOIDC
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD
CloudPrivilege escalation
UnOAuthorized: Privilege Elevation Through Microsoft Applications
CloudPrivilege escalation
Escalating Privileges in Google Cloud via Open Groups
CloudPrivilege escalation

Built with ❤️ by Shubham Rawat