Google Exposes Flaw in Kubernetes Operator, Denies Bug Bounty

Google's security team initially praised researcher Justin O'Leary for uncovering a high-severity flaw, dubbed ConfigConfusion, in the Config Connector add-on for Kubernetes - only to later claim it wasn't a vulnerability at all and deny a bug bounty. The issue still lingers, leaving users of the open-source tool potentially…

https://osintsights.com/google-exposes-flaw-in-kubernetes-operator-denies-bug-bounty?utm_source=mastodon&utm_medium=social

#KubernetesOperator #ConfigConnector #Configconfusion #GcpIamApi #GoogleCloud

Discover the ConfigConfusion flaw in Kubernetes Operator and learn how it remains unfixed. Read now and stay informed about this high-severity vulnerability.

OSINTSights

@jpetazzo Got it!

All your problems are related to the implementation of the `terraform` module IIUC, no?

For the #Istio workshop (same strategy as you), we used `tf` and had some problems too. I tried the same thing with #ConfigConnector, it was better (fully declarative) but too young when we needed it.

So, I understand your feedback better now, and it's a shame that a good product like this can be perceived badly because of the intermediate tooling.

I'll try to share that internally 😇