Google Patches GCP Privilege Escalation Flaw
Researchers have identified a potential privilege escalation flaw in Google Cloud Platform (GCP) services, including Cloud Functions and Cloud Build. This vulnerability allows attackers to gain elevated permissions during the deployment process of GCP Cloud Functions.
The flaw was discovered through extensive research by security researchers and teams specialising in cloud infrastructure vulnerabilities. Their process involves thorough analysis of official documentation and public information, setting up test environments, simulating attacks, and collecting data to assess the impact.
The attack technique can be adapted to perform environment enumeration, a reconnaissance tactic useful for mapping systems, even without privileged access. Cisco Talos expanded upon Tenable's findings and replicated the attack technique across multiple cloud platforms, demonstrating its broader applicability.
Organizations are advised to enforce the principle of least privilege, regularly audit and monitor permissions, alert on unexpected Cloud Function modifications, inspect outgoing traffic for signs of exfiltration, and validate the integrity of external NPM packages.
Google has issued a patch to mitigate the excessive privileges previously granted to default Cloud Build service accounts. Google has also modified Cloud Build's behavior and added new policies for more granular service account control, so that exfiltration of service account tokens is no longer feasible in GCP. Organizations should implement these security measures to protect their cloud environments.
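As an added illustration of the permission audit recommended above (not code from Google, Tenable or Cisco Talos), this Python example flags Google-created default service accounts, including the default Cloud Build account, that hold broad roles in a project's IAM policy. The sample policy is constructed, and the set of roles counted as broad is an assumption to adjust per project.

```python
import re

# Constructed sample in the shape of `gcloud projects get-iam-policy <project> --format=json`.
SAMPLE_POLICY = {"version": 1, "bindings": [
    {"role": "roles/editor", "members": [
        "serviceAccount:123456789012@cloudbuild.gserviceaccount.com",
        "user:alice@example.com"]},
    {"role": "roles/cloudfunctions.developer", "members": [
        "serviceAccount:deployer@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/iam.serviceAccountUser", "members": [
        "serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
    {"role": "roles/logging.logWriter", "members": [
        "serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]},
]}

# Google-created default service accounts, recognised by the shape of their e-mail.
DEFAULT_SA = {
    "cloud-build-default": re.compile(r"\d+@cloudbuild\.gserviceaccount\.com"),
    "compute-default": re.compile(r"\d+-compute@developer\.gserviceaccount\.com"),
    "appengine-default": re.compile(r"[a-z0-9.:-]+@appspot\.gserviceaccount\.com"),
}

# Assumption: roles treated here as too broad for a build identity; tune per project.
BROAD_ROLES = {"roles/owner", "roles/editor", "roles/iam.serviceAccountUser",
               "roles/iam.serviceAccountTokenCreator"}


def classify(member):
    """Return the default-service-account kind for an IAM member string, or None."""
    kind, _, email = member.partition(":")
    if kind != "serviceAccount":
        return None
    return next((n for n, p in DEFAULT_SA.items() if p.fullmatch(email)), None)


def audit(policy):
    """Return sorted (kind, member, role) for default accounts holding broad roles."""
    findings = []
    for binding in policy.get("bindings", []):
        if binding.get("role") in BROAD_ROLES:
            for member in binding.get("members", []):
                if (kind := classify(member)):
                    findings.append((kind, member, binding["role"]))
    return sorted(findings)


if __name__ == "__main__":
    for kind, member, role in audit(SAMPLE_POLICY):
        print(f"{kind}: {member} holds {role}")
```

Each finding is a candidate for replacement with a dedicated, narrowly scoped service account.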