"Researchers at cybersecurity firm Tenable discovered two vulnerabilities that could be exploited to fully compromise instances of the Google Looker business intelligence platform. Google Looker enables organizations to centralize disparate datasets into a unified data layer for creating real-time visualizations, interactive dashboards, and data-driven applications. Enterprises can use a SaaS version with the Looker instance fully managed by Google Cloud or host it on their own infrastructure."
"Tenable researchers discovered two vulnerabilities affecting the platform that, if exploited, could lead to remote code execution and the exfiltration of sensitive information. The flaws, collectively known as LookOut, can be exploited by an attacker with developer permissions in the targeted Looker instance. According to Tenable, the remote code execution vulnerability can enable an attacker to gain full administrative access to the underlying infrastructure."
Tenable discovered two critical vulnerabilities in Google Looker that can be exploited to fully compromise instances. The flaws, named LookOut, allow an attacker with developer permissions to achieve remote code execution and an authorization bypass. Remote code execution can grant full administrative access to infrastructure, enabling secret theft, data manipulation, and lateral movement, with potential cross-tenant access in cloud deployments. The authorization bypass enables attachment to internal database connections and exfiltration of the full internal MySQL database via error-based SQL injection. Google patched the vulnerabilities in late September 2025 for cloud-hosted instances; self-hosted instances require administrators to apply the patch. No evidence of in-the-wild exploitation was found.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]