A vulnerability in the CloudSQL service of the Google Cloud Platform (GCP) could have let a bad actor , such as secrets, sensitive files, passwords and customer data.
In a May 24 blog post, Dig Security researchers said upon discovering the vulnerabilities, its research team followed coordinated disclosure practices with Google, and all issues were resolved quickly. The issue was not assigned a CVE; as in the vast majority of cases involving cloud services, it's up to the cloud provider to fix the flaw and there's not much rank-in-file security teams can do.
Comments