VDB

GCVE-110-CLOUD-2022-0043

GCVE-110-CLOUD-2022-0043
Advisory Published
Vulnetix · Advisory published March 8, 2022
Unit 42 researchers disclosed several vulnerabilities and attack techniques in GKE Autopilot to Google, the root cause being insufficient verification of allowlisted workload image names. An attacker with permissions to create a pod could have abused these vulnerabilities to (1) escape their pod and compromise the underlying node, (2) escalate privileges and become full cluster administrators, and (3) covertly persist administrative access through backdoors that are completely invisible to cluster operators.

Affected Products

VendorProductVersionsPlatforms
GCPAutopilot
GCPGKE

References

advisory
advisory
advisory

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›