Tenable researchers discovered "LookOut," a pair of vulnerabilities affecting Google Looker deployments. The most critical vulnerability is a remote code execution (RCE) chain that could allow attackers to gain full control of a Looker server. Given Looker's widespread deployment across numerous organizations, exploitation could lead to system takeover or sensitive data access. The article does not specify CVE numbers, CVSS scores, affected versions, fixed versions, or workarounds.
Researchers at Tenable have disclosed two vulnerabilities, collectively referred to as “LookOut,” affecting Google Looker. Because the business intelligence platform is deployed by more than 60,000 organizations in 195 countries, the flaws could give attackers a path to system takeover or access to sensitive corporate data. The uncovered vulnerabilities The most critical discovery, a RCE chain, allows an attacker to take full control of a Looker server by running their own malicious commands remotely. This … More → The post Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk appeared first on Help Net Security .