Google Cloud Dataproc, Google's managed Open Source Software (OSS) service, has been found to carry a critical vulnerability. It opens the door to unauthorised access and manipulation by attackers who know the IP address of a Dataproc cluster.
Cybersecurity researchers from Orca Security found the flaw and reported it to the Google Security Team. Google, however, labelled the vulnerability an ‘Abuse Risk’, and as of now no action has been taken. The scale of the problem is clear from the fact that over 20% of organisations currently use Dataproc and are exposed to this security risk.
Although Google’s Dataproc documentation acknowledges the potential security risk and recommends avoiding open firewall rules on public networks, it fails to address the case of an attacker who already has an initial foothold on a Compute Engine instance and from there gains unauthenticated access to GCP Dataproc.
The abuse risk primarily exploits the lack of security controls (in particular, authentication) on Apache Hadoop’s web interfaces, combined with the tendency of users to keep default settings when creating resources.

The potential attack path starts with an internet-facing Compute Engine instance that has a Remote Code Execution (RCE) vulnerability. Once that instance is compromised, the attacker can scan the internal network for open ports and reach critical web interfaces such as the YARN ResourceManager and the HDFS NameNode, neither of which requires authentication.
This can lead to unauthorised access to the Apache Hadoop Distributed File System (HDFS) and the compromise of sensitive data. The researchers found that organisations using Dataproc have at least one cluster deployed on the default VPC subnet, which amplifies the risk: the auto-created VPC, named ‘default’, allows inbound connections from its internal subnets, so Dataproc clusters and Compute Engine instances on it can reach each other freely.
To address this issue, the researchers recommend network segmentation: creating dedicated VPCs with customised firewall rules and deploying independent clusters in separate subnets. Vulnerability management practices and prompt remediation remain crucial to minimising the risk of a security breach.
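One way to turn the recommendations above into a repeatable check is to audit each cluster's network placement and the firewall rules that reach its Hadoop web UIs. The following script is an added example and is not code from Orca Security or Google. It runs offline over constructed sample records that mimic the JSON shape of `gcloud dataproc clusters describe --format=json` and `gcloud compute firewall-rules list --format=json`; the field names (`gceClusterConfig.networkUri`, `subnetworkUri`, `internalIpOnly`, `sourceRanges`, `allowed`) and the UI ports 8088 (YARN ResourceManager) and 9870 (HDFS NameNode) are assumptions about the APIs and the Dataproc image defaults and should be checked against your own project.

```python
"""Audit Dataproc clusters for the default-VPC exposure described in the article.

Added example, not the researchers' or Google's code. Field names follow the
Dataproc and Compute Engine API shapes as assumed here; verify them against
`gcloud ... --format=json` output in your own project.
"""
import ipaddress

# Hadoop web UIs named in the article; the port numbers are assumed defaults.
HADOOP_UI_PORTS = {8088: "YARN ResourceManager", 9870: "HDFS NameNode"}

# Constructed sample: one cluster on the auto-created 'default' VPC with public
# IPs, one on a dedicated VPC/subnet with internal IPs only.
SAMPLE_CLUSTERS = [
    {"clusterName": "etl-prod",
     "config": {"gceClusterConfig": {
         "networkUri": "https://www.googleapis.com/compute/v1/projects/demo/global/networks/default",
         "subnetworkUri": "https://www.googleapis.com/compute/v1/projects/demo/regions/us-central1/subnetworks/default",
         "internalIpOnly": False}}},
    {"clusterName": "analytics-isolated",
     "config": {"gceClusterConfig": {
         "networkUri": "https://www.googleapis.com/compute/v1/projects/demo/global/networks/dataproc-net",
         "subnetworkUri": "https://www.googleapis.com/compute/v1/projects/demo/regions/us-central1/subnetworks/dataproc-only",
         "internalIpOnly": True}}},
]

# Constructed sample: the stock 'default-allow-internal' rule opens every port
# to the whole VPC range; the dedicated network only admits one /24.
SAMPLE_FIREWALL_RULES = [
    {"name": "default-allow-internal", "direction": "INGRESS", "disabled": False,
     "network": "https://www.googleapis.com/compute/v1/projects/demo/global/networks/default",
     "sourceRanges": ["10.128.0.0/9"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["0-65535"]},
                 {"IPProtocol": "udp", "ports": ["0-65535"]},
                 {"IPProtocol": "icmp"}]},
    {"name": "dataproc-net-allow-hadoop-ui", "direction": "INGRESS", "disabled": False,
     "network": "https://www.googleapis.com/compute/v1/projects/demo/global/networks/dataproc-net",
     "sourceRanges": ["10.10.0.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["8088", "9870"]}]},
]


def _last(uri):
    """Reduce a resource URI such as .../global/networks/default to 'default'."""
    return uri.rstrip("/").rsplit("/", 1)[-1] if uri else ""


def _port_allowed(allowed_entries, port):
    """True if any tcp/all entry covers `port` (no 'ports' list means every port)."""
    for entry in allowed_entries:
        if entry.get("IPProtocol") not in ("tcp", "all"):
            continue
        ports = entry.get("ports")
        if not ports:
            return True
        for spec in ports:
            lo, _, hi = spec.partition("-")
            if int(lo) <= port <= int(hi or lo):
                return True
    return False


def _broad(cidr):
    """Flag public or whole-VPC source ranges (shorter than a /16)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen < 16


def exposed_hadoop_ports(network_name, rules):
    """Map Hadoop UI port -> names of enabled ingress rules on this network that
    open it to a broad source range."""
    hits = {}
    for rule in rules:
        if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
            continue
        if _last(rule.get("network", "")) != network_name:
            continue
        if not any(_broad(cidr) for cidr in rule.get("sourceRanges", [])):
            continue
        for port in HADOOP_UI_PORTS:
            if _port_allowed(rule.get("allowed", []), port):
                hits.setdefault(port, []).append(rule["name"])
    return hits


def audit_cluster(cluster, rules):
    """Return a list of human-readable findings for one cluster record."""
    gce = cluster.get("config", {}).get("gceClusterConfig", {})
    findings = []
    network, subnet = _last(gce.get("networkUri", "")), _last(gce.get("subnetworkUri", ""))
    if network == "default" or subnet == "default":
        findings.append("deployed on the auto-created 'default' VPC/subnet")
    if not gce.get("internalIpOnly", False):
        findings.append("nodes have external IP addresses (internalIpOnly is false)")
    for port, rule_names in sorted(exposed_hadoop_ports(network, rules).items()):
        findings.append(f"{HADOOP_UI_PORTS[port]} port {port} reachable from a broad "
                        f"source range via {', '.join(rule_names)}")
    return findings


def audit(clusters, rules):
    """Audit every cluster; returns {clusterName: [findings]}."""
    return {c["clusterName"]: audit_cluster(c, rules) for c in clusters}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CLUSTERS, SAMPLE_FIREWALL_RULES).items():
        print(name, "->", findings or ["no findings"])
```

Feeding the script real `gcloud` JSON output in place of the constructed samples makes it a lightweight inventory check: a cluster that lands on the `default` network, keeps external IPs, or has its UI ports reachable from the whole VPC range is exactly the configuration the researchers describe, and the finding text points at the rule to tighten.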