Palo Alto Networks discovered vulnerabilities in FluentBit and Anthos Service Mesh (ASM) within Google Kubernetes Engine (GKE) that, when chained together, could let an attacker take over a Kubernetes cluster completely. Both FluentBit, the default logging agent in GKE, and ASM, an optional service for managing communication, were found to contain exploitable flaws. An attacker could leverage these vulnerabilities as part of a second-stage attack, gaining control after achieving remote code execution in a FluentBit container or breaking out of another container. Exploiting these issues could lead to unauthorized access, data theft, deployment of malicious pods, and disruption of cluster operations. Google has released patches for the vulnerabilities in GKE and ASM and urges users to update their clusters manually to mitigate these risks. Google emphasizes that these vulnerabilities require an initial compromise and have not been exploited independently in GKE instances.