A loophole in Google Kubernetes Engine (GKE) - dubbed ‘Sys:All’ - could allow an attacker with any Google account to take over a GKE cluster, potentially leading to serious security incidents such as cryptomining, denial of service, and sensitive data theft. The loophole stems from a likely widespread misconception that the system:authenticated group in GKE includes only verified and deterministic identities, whereas in fact, it includes any Google authenticated account (even outside the organization). This misunderstanding could then create a serious weakness when the system:authenticated group is assigned overly permissive roles.
Learn from our speakers as they deep-dive into the details of the GKE loophole, provide the results of our initial reconnaissance research in the wild, and provide practical recommendations on how to make sure your organization is not vulnerable.
In this webcast, we’ll cover:
- What the ‘Sys:All’ GKE loophole is
- How we managed to find thousands of vulnerable GKE clusters
- How to protect against this loophole
Get a Demo of the Orca Security Platforn: https://orca.security/demo/