Palo Alto Networks discovered vulnerabilities in FluentBit and Anthos Service Mesh (ASM) within Google Kubernetes Engine (GKE) which, when chained together, could lead to a complete takeover of a Kubernetes cluster by an attacker. FluentBit, the default logging agent in GKE, and ASM, an optional service for managing communication, were both found to contain exploitable flaws. An attacker could leverage these vulnerabilities as part of a second-stage attack, gaining control after achieving remote code execution in a FluentBit container or breaking out of another container. Exploiting these issues could lead to unauthorized access, data theft, deployment of malicious pods, and disruption of cluster operations. Google has released patches for the vulnerabilities in GKE and ASM and urges users to update their clusters manually to mitigate these risks, emphasizing that these vulnerabilities require an initial compromise and have not been exploited independently in GKE instances.