Google Cloud has recently addressed a medium-severity security flaw in its Kubernetes service [5], which was discovered by Palo Alto Networks Unit 42 [2] [4] [5]. The flaw could allow an attacker who already has access to a cluster to escalate their privileges [2] [3] [4] [5].


To exploit this vulnerability [2] [4], the attacker would first need to compromise a FluentBit container through some other initial access method [5]. With access to the FluentBit container, and if Anthos Service Mesh (ASM) is installed, they can then gain complete control of the cluster [1]. The risks include data theft, deployment of malicious pods, and disruption of cluster operations [1] [2] [3] [4] [5].

Google has taken immediate measures to address this issue. They have removed FluentBit’s access to service account tokens and re-architected ASM to eliminate excessive role-based access control permissions [2] [3] [4] [5]. As a result, certain versions of Google Kubernetes Engine (GKE) and ASM have been fixed to resolve this security flaw.
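The two conditions Google removed, a log collector that can read service account tokens and a mesh component with excessive RBAC permissions, can be checked for in any cluster. The audit below is an added example, not code from Google or Unit 42. It assumes the token exposure takes the form of a hostPath mount covering kubelet's pod directory, which this page does not specify. The sample objects and their names are constructed.

```python
import json

# Constructed sample in the shape of `kubectl get pods,clusterroles -A -o json`,
# trimmed to the fields read below. All names are hypothetical.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Pod", "metadata": {"namespace": "kube-system", "name": "log-agent-x1"},
  "spec": {"volumes": [{"name": "pods", "hostPath": {"path": "/var/lib/kubelet/pods"}},
                       {"name": "logs", "hostPath": {"path": "/var/log"}}]}},
 {"kind": "Pod", "metadata": {"namespace": "default", "name": "web-1"},
  "spec": {"volumes": [{"name": "cfg", "configMap": {"name": "web"}}]}},
 {"kind": "ClusterRole", "metadata": {"name": "mesh-agent"},
  "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "update"]},
            {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "viewer"},
  "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]}
]}
""")

# Assumption: kubelet keeps each pod's projected token under this node directory.
TOKEN_DIR = "/var/lib/kubelet/pods"
WRITE_VERBS = {"*", "create", "update", "patch", "delete", "escalate", "bind", "impersonate"}

def exposes_tokens(host_path):
    """True if mounting host_path puts TOKEN_DIR, or a parent of it, in the container."""
    p = host_path.rstrip("/") or "/"
    return p == "/" or TOKEN_DIR == p or TOKEN_DIR.startswith(p + "/")

def audit(items):
    """Return (finding, object, detail) tuples for token-exposing mounts and broad roles."""
    findings = []
    for obj in items:
        meta = obj["metadata"]
        if obj["kind"] == "Pod":
            for vol in obj["spec"].get("volumes", []):
                path = vol.get("hostPath", {}).get("path")
                if path and exposes_tokens(path):
                    findings.append(("token-hostpath", f'{meta["namespace"]}/{meta["name"]}', path))
        elif obj["kind"] == "ClusterRole":
            for rule in obj.get("rules") or []:
                verbs = set(rule.get("verbs", [])) & WRITE_VERBS
                if "*" in rule.get("resources", []) and verbs:
                    findings.append(("broad-rbac", meta["name"], ",".join(sorted(verbs))))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE["items"]):
        print(*finding, sep="\t")
```

A finding is a prompt for review rather than proof of exposure: some node agents legitimately need host paths, and the useful question is whether the mount can be narrowed or made read-only.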


Google Cloud's resolution of this flaw is crucial in preventing potential data breaches and unauthorized access to Kubernetes clusters. By removing FluentBit's access to service account tokens and the excessive ASM permissions, Google has significantly mitigated the associated risks. However, users must ensure they are running the fixed versions of GKE and ASM to fully protect their clusters. This incident highlights the ongoing need for robust security practices and continuous monitoring to safeguard cloud infrastructure.