Closes wiz-sec#245: Add GCP Bulletins

vulnerabilities/gcp-anthos-predictable-seed.yaml

@@ -0,0 +1,29 @@
+title: Predictable seed used to generate keys in Anthos Identity Service LDAP module
+slug: gcp-anthos-predictable-seed
+cves: null
+affectedPlatforms:
+- GCP
+affectedServices:
+- Anthos
+image: https://images.unsplash.com/photo-1607217237228-a8b69908bad6?ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8fA%3D%3D&auto=format&fit=crop&w=3270&q=80
+severity: Low
+discoveredBy:
+  name: null
+  org: null
+  domain: null
+  twitter: null
+disclosedAt: null
+publishedAt: 2021/09/29
+exploitabilityPeriod: null
+knownITWExploitation: null
+summary: |
+  There is a known issue where updating a BackendConfig resource
+  using the v1beta1 API removes an active Google Cloud Armor 
+  security policy from its service.
+manualRemediation: |
+  Dropped Cloud Armor security policies must be manually reattached. 
+detectionMethods: null
+contributor: https://github.com/ramimac
+references:
+- https://cloud.google.com/support/bulletins#gcp-2022-009
+- https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-009

vulnerabilities/gcp-cloudsql-tempdb-privesc.yaml

@@ -0,0 +1,31 @@
+title: Privilege escalation in GCP Cloud SQL via tempdb
+slug: gcp-cloudsql-tempdb-privesc
+cves: null
+affectedPlatforms:
+- GCP
+affectedServices:
+- Cloud SQL
+image: https://images.unsplash.com/photo-1595742446666-c51b9fee49c2?ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxzZWFyY2h8M3x8dGVtcG9yYXJ5fGVufDB8MHwwfHx8MA%3D%3D&auto=format&fit=crop&w=900&q=60
+severity: High
+discoveredBy:
+  name: null
+  org: null
+  domain: null
+  twitter: null
+disclosedAt: null
+publishedAt: 2023/06/02
+exploitabilityPeriod: null
+knownITWExploitation: null
+summary: |
+  A vulnerability was recently discovered in Cloud SQL for SQL Server
+  that allowed customer administrator accounts to create triggers 
+  in the tempdb database and use those to gain sysadmin privileges in the instance. 
+  The sysadmin privileges would give the attacker access to system databases
+  and partial access to the machine running that SQL Server instance.
+manualRemediation: |
+  None required
+detectionMethods: null
+contributor: https://github.com/ramimac
+references:
+- https://cloud.google.com/support/bulletins#GCP-2023-007
+- https://cloud.google.com/sql/docs/security-bulletins#gcp-2023-007

vulnerabilities/gcp-dropped-cloudarmor-policy.yaml

@@ -0,0 +1,29 @@
+title: Dropped active Google Cloud Armor security policy
+slug: gcp-dropped-cloudarmor-policy
+cves: null
+affectedPlatforms:
+- GCP
+affectedServices:
+- Cloud Armor
+image: https://images.unsplash.com/photo-1607217237228-a8b69908bad6?ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8fA%3D%3D&auto=format&fit=crop&w=3270&q=80
+severity: Low
+discoveredBy:
+  name: null
+  org: null
+  domain: null
+  twitter: null
+disclosedAt: null
+publishedAt: 2021/09/29
+exploitabilityPeriod: null
+knownITWExploitation: null
+summary: |
+  There is a known issue where updating a BackendConfig resource
+  using the v1beta1 API removes an active Google Cloud Armor 
+  security policy from its service.
+manualRemediation: |
+  Dropped Cloud Armor security policies must be manually reattached. 
+detectionMethods: null
+contributor: https://github.com/ramimac
+references:
+- https://cloud.google.com/support/bulletins#gcp-2022-009
+- https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-009

vulnerabilities/gcp-gke-autopilot-privesc.yaml

@@ -0,0 +1,31 @@
+title: GKE Autopilot cluster privilege esclation
+slug: gke-autopilot-privesc
+cves: null
+affectedPlatforms:
+- GCP
+affectedServices:
+- Kubernetes Engine Autopilot
+image: https://images.unsplash.com/photo-1628251721369-9bab0845261e?ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8fA%3D%3D&auto=format&fit=crop&w=3132&q=80
+severity: Low
+discoveredBy:
+  name: null
+  org: null
+  domain: null
+  twitter: null
+disclosedAt: null
+publishedAt: 2022/03/01
+exploitabilityPeriod: null
+knownITWExploitation: null
+summary: |
+  Some unexpected paths to access the node VM on GKE Autopilot clusters
+  could have been used to escalate privileges in the cluster. The mechanisms
+  for escalation were an overly loose set of third party policy exemptions, 
+  a pair of overly privileged pods, and privileged service accounts 
+  in the default namespace.
+manualRemediation: |
+  None required
+detectionMethods: null
+contributor: https://github.com/ramimac
+references:
+- https://cloud.google.com/support/bulletins#gcp-2022-009
+- https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-009

vulnerabilities/gcp-gke-hyperthreading.yaml

@@ -0,0 +1,31 @@
+title: Side channel attack against Simultaneous Multi-Threading
+slug: gke-hyperthreading
+cves: null
+affectedPlatforms:
+- GCP
+affectedServices:
+- Kubernetes Image
+image: https://images.pexels.com/photos/5371573/pexels-photo-5371573.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=2
+severity: Medium
+discoveredBy:
+  name: null
+  org: null
+  domain: null
+  twitter: null
+disclosedAt: null
+publishedAt: 2023/06/02
+exploitabilityPeriod: null
+knownITWExploitation: null
+summary: |
+  There is a misconfiguration with Simultaneous Multi-Threading (SMT),
+  also known as Hyper-threading, on GKE Sandbox images. The 
+  misconfiguration leaves nodes potentially exposed to side channel 
+  attacks such as Microarchitectural Data Sampling (MDS)
+  (for more context, see GKE Sandbox documentation).
+manualRemediation: |
+  None required
+detectionMethods: null
+contributor: https://github.com/ramimac
+references:
+- https://cloud.google.com/support/bulletins#gcp-2022-011
+- https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-011