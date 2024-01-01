Google Cloud has fixed a flaw impacting Kubernetes that could allow an attacker to escalate their privileges.

According to TheHackerNews, Palo Alto Networks Unit 42 discovered the flaw and reported it via Google’s Vulnerability Reward Program. Google detailed the issue in a security bulletin:

An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to escalate privileges in the cluster. The issues with Fluent Bit and Anthos Service Mesh have been mitigated and fixes are now available. These vulnerabilities are not exploitable on their own in GKE and require an initial compromise. We are not aware of any instances of exploitation of these vulnerabilities.

Google recommends manually upgrading GKE to ensure customers are running the patched version: