VDB

GCVE-110-CLOUD-2023-0034

GCVE-110-CLOUD-2023-0034
Advisory Published
Vulnetix · Advisory published May 24, 2023
A vulnerability discovered in GCP's Cloud SQL service allowed customer administrator accounts to create triggers in the tempdb database and use those to gain sysadmin privileges in the instance. This could be abused to result in complete control of the database engine and access to the host OS. An attacker could have listed and accessed files in the host OS, including any secrets on the machine, as well as gaining access to service agents. However, it is unclear from the report if this level of access could have allowed lateral movement within the Cloud SQL service or grant cross-tenant access to other customers' data. The reporters did not disclose any lateral movement and Google stated in their security bulletin that it was not possible.

Affected Products

VendorProductVersionsPlatforms
GCPCloud SQL

References

advisory
advisory

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›