On June 18, 2019, at 3:04 UTC we were notified by an independent security researcher that our GCP-based machine executors had insufficient network isolation, and could possibly allow network connection cross-talk between different customers’ executors outside of expected ports. We do not have any indication of attacks or attempted executor cross-talk and we do not believe any customers were impacted by this vulnerability. Docker executors were not vulnerable.
Our team took immediate steps to remediate the issue and restrict network communication to the intended ports. We have also taken steps to ensure future network changes do not weaken executor network isolation.