Google Cloud released a fix for a medium-severity security vulnerability (GCP-2023-047) enabling potential privilege escalation against Kubernetes instances. The security issue has been resolved in updated versions of Google Kubernetes Engine (GKE) and Anthos Service Mesh (ASM), including versions 1.25.16-gke.1020000, 1.26.10-gke.1235000, 1.27.7-gke.1293000, 1.28.4-gke.1083000, 1.17.8-asm.8, 1.18.6-asm.2, and 1.19.5-asm.4.
Vulnerability exploitation requires a potential attacker to compromise the Fluent Bit logging container and combine that access with high privileges required by Anthos Service Mesh. Palo Alto Networks Unit 42, the discoverer of the flaw, highlighted the potential for data theft, deployment of malicious pods, and disruption of cluster operations by adversaries. There is currently no evidence of exploitation in the wild.