“The issues with Fluent Bit and Anthos Service Mesh have been mitigated and fixes are now available.
These vulnerabilities are not exploitable on their own in GKE and require an initial compromise.”
Data theft
Google also claims it found no evidence of the vulnerabilities being exploited in the wild.
However, to make it work, the attacker needs to have a compromised Fluent Bit container in advance.
“GKE uses Fluent Bit to process logs for workloads running on clusters,” Google explains further.
“Fluent Bit on GKE was also configured to collect logs for Cloud Run workloads.
“The attacker can update the cluster role bound to CRAC to possess all privileges.”