Vulnerabilities Allowed Full Compromise of Google Looker Instances

Researchers at cybersecurity firm Tenable discovered two vulnerabilities that could be exploited to fully compromise instances of the Google Looker business intelligence platform.

Google Looker enables organizations to centralize disparate datasets into a unified data layer for creating real-time visualizations, interactive dashboards, and data-driven applications.

Enterprises can use a SaaS version with the Looker instance fully managed by Google Cloud or host it on their own infrastructure.

Tenable researchers discovered two vulnerabilities affecting the platform that, if exploited, could lead to remote code execution and the exfiltration of sensitive information.

The flaws, collectively known as LookOut, can be exploited by an attacker with developer permissions in the targeted Looker instance.

According to Tenable, the remote code execution vulnerability can enable an attacker to gain full administrative access to the underlying infrastructure. The attacker can steal secrets, manipulate data, or move deeper into the internal network.

“In cloud instances, the vulnerability ...