From blog.qualys.com
Summary
- The Apache Hadoop Distributed File System (HDFS) can be vulnerable to data compromise when a Compute Engine cluster is in a public-facing virtual private cloud (VPC) or shares the VPC with other Compute Engine instances.
- Google Cloud Platform (GCP) provides a default VPC called ‘default.’ Its firewall rules allow inbound connections from outside only on ports 22 and 3389, while permitting all inbound connections between instances within the internal subnet. This configuration poses a significant security risk when Dataproc clusters and Compute Engine instances share the default VPC's subnet, because every instance on that subnet can reach the cluster's HDFS; the result can be data corruption or theft, both serious concerns.
- The Google Security Team labeled the attack flow as an ‘Abuse Risk.’
- Qualys TotalCloud now notifies customers of misconfigured Dataproc clusters that are vulnerable to exploitation, offering remediation steps and code for prompt resolution.
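As an added illustration (not code from the Qualys post or from TotalCloud), a Python check over the JSON that `gcloud compute firewall-rules list --format=json` produces: it flags ingress rules that, like the default network's `default-allow-internal` rule, let any host in a wide source range reach HDFS ports, and it shows a tag-scoped rule as the remediated form. The HDFS port numbers, the prefix-length threshold and the sample rules are assumptions constructed for this example.

```python
"""Flag VPC firewall rules that let every host in a broad source range reach HDFS ports."""
import ipaddress
import json

# HDFS NameNode/DataNode ports (Hadoop 3 defaults plus Hadoop 2 equivalents): an assumption of this example.
HDFS_PORTS = {8020, 9864, 9866, 9870, 50010, 50070}

def port_spec_covers(ports, wanted):
    """True if a gcloud 'ports' list such as ['0-65535', '22'] includes any wanted port.
    A missing/empty list means the protocol is allowed on all ports."""
    if not ports:
        return True
    for spec in ports:
        lo, _, hi = spec.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if any(lo <= p <= hi for p in wanted):
            return True
    return False

def exposes_hdfs(rule, max_prefixlen=24):
    """True when an enabled INGRESS rule allows TCP to an HDFS port from a source range
    of /max_prefixlen or wider and is not narrowed by targetTags/targetServiceAccounts
    (tag-scoped rules still deserve a manual check against the cluster's own tags)."""
    if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
        return False
    if rule.get("targetTags") or rule.get("targetServiceAccounts"):
        return False
    broad = any(ipaddress.ip_network(r).prefixlen <= max_prefixlen
                for r in rule.get("sourceRanges", []))
    return broad and any(
        a["IPProtocol"] in ("tcp", "all") and port_spec_covers(a.get("ports"), HDFS_PORTS)
        for a in rule.get("allowed", []))

def find_exposing_rules(rules_json):
    """Names of rules to remediate, from `gcloud compute firewall-rules list --format=json`."""
    return [r["name"] for r in json.loads(rules_json) if exposes_hdfs(r)]

# Constructed sample: the default network's rules plus one remediated, tag-scoped rule.
SAMPLE = json.dumps([
    {"name": "default-allow-internal", "direction": "INGRESS", "sourceRanges": ["10.128.0.0/9"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["0-65535"]},
                 {"IPProtocol": "udp", "ports": ["0-65535"]}, {"IPProtocol": "icmp"}]},
    {"name": "default-allow-ssh", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    # Remediated form: HDFS reachable only between instances carrying the cluster tag.
    {"name": "hdfs-cluster-only", "direction": "INGRESS", "sourceTags": ["dataproc-node"],
     "targetTags": ["dataproc-node"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["8020", "9866"]}]},
])
```

Running `find_exposing_rules(SAMPLE)` returns only `default-allow-internal`; the SSH rule is wide open but touches no HDFS port, and the tag-scoped rule is not flagged.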