Researcher and frequent cloud bug hunter Justin O'Leary told us that he found and reported to Google a major flaw that allows any Kubernetes namespace user to bypass GCP Identity and Access Management (IAM) controls and thereby gain root access to manage an organization's cloud resources. Google initially rated the bug high priority and high severity, with a rep telling O'Leary "Nice Catch!" Then the cloud giant changed course and told O'Leary that there's no vulnerability, so no fix and no reward...

Read the full article at The Register