How the Sys:All Loophole Allowed Us To Penetrate GKE Clusters in Production – .:: CHASLES CORP. ::.

Patch this Critical Safeguard for Privileged Passwords Authentication Bypass Flaw
CISA Adds Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and MSSQL Server Bugs to its KEV Catalog
Clever ‘GitHub Scanner’ Campaign Abusing Repositories to Push Malware
Germany Seizes 47 Crypto Exchanges Used by Ransomware Gangs
Microsoft Entra ID’s Administrative Units Weaponized to Gain Stealthy Persistence

Patch this Critical Safeguard for Privileged Passwords Authentication Bypass Flaw
CISA Adds Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and MSSQL Server Bugs to its KEV Catalog
Clever ‘GitHub Scanner’ Campaign Abusing Repositories to Push Malware
Germany Seizes 47 Crypto Exchanges Used by Ransomware Gangs
Microsoft Entra ID’s Administrative Units Weaponized to Gain Stealthy Persistence

how-the-sys:all-loophole-allowed-us-to-penetrate-gke-clusters-in-production

_ 24 janvier 2024_ _ 0 Comments

How the Sys:All Loophole Allowed Us To Penetrate GKE Clusters in Production

An external threat actor in possession of a Google account could misuse this misconfiguration by using their own Google OAuth 2.0 bearer token to seize control of the cluster for follow-on exploitation.

10

Author