[GSD-2022-1002525] GSD Request

[GSD-automation]

--- GSD JSON ---
{
  "vendor_name": "Google",
  "product_name": "Google Cloud Platform (GCP) ",
  "product_version": "All versions as of 2022-06-07 and later (unfixed as of yet)",
  "vulnerability_type": "IP address filtering",
  "affected_component": "Kubernetes control plane",
  "attack_vector": "network",
  "impact": "bypass Google Kubernetes Engine (GKE) Authorized Networks (aka Kubernetes control plane firewalls)",
  "credit": "@itspeterc",
  "references": [
    "https://twitter.com/itspeterc/status/1534205155914264576?"
  ],
  "reporter": "kurtseifried",
  "reporter_id": 582211,
  "notes": "",
  "description": "In Google Cloud Platform (GCP), all versions as of 2022-06-07 and later (unfixed as of yet) an IP address filtering vulnerability exists in the Kubernetes control plane that can be attacked via other systems within Google Cloud Engine's network (filtering is only applied to external IP addresses) resulting in a bypass of firewall rules and access to the Google Kubernetes Engine (GKE) Authorized Networks (aka Kubernetes control plane) being allowed (please note an attacker would still need credentials to access it). "
}
--- GSD JSON ---

/cc @kurtseifried

[GSD-automation]

This issue has been assigned GSD-2022-1002525