Cybersecurity researchers from Tenable have uncovered a significant vulnerability in Google Cloud Platform (GCP) that exposed millions of servers to remote code execution (RCE) attacks. The flaw, identified as a ‘dependency confusion’ vulnerability, has been dubbed CloudImposer. According to Tenable’s press release, the vulnerability had the potential to allow malicious actors to execute code on “millions of GCP servers as well as on the systems of their customers.”
The flaw was found in the Composer dependency installation process within GCP. It enabled attackers to upload a malicious package to PyPI that would then be preinstalled on all Composer instances with elevated permissions. From there, attackers could execute code remotely, exfiltrate service account credentials, and potentially compromise other GCP services.
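A defender-side check for the condition that makes dependency confusion possible in Python installs, as an added example that is not from Tenable, Google or the original article. The article does not name the pip setting involved; the example assumes the common cause, where pip is given a private index alongside public PyPI (for instance via `--extra-index-url`) and, having no index priority, may install a same-named package from the public one. The sample files and the host name are constructed.

```python
import re
from urllib.parse import urlparse

PUBLIC_HOSTS = {"pypi.org", "pypi.python.org"}
DEFAULT_INDEX = "https://pypi.org/simple"  # pip's default when no index is set

# "--extra-index-url URL" / "-i URL" in requirements files,
# "index-url = URL" / "extra-index-url = URL" in pip.conf
OPTION = re.compile(
    r"^\s*(--extra-index-url|--index-url|-i|extra-index-url|index-url)[\s=]+(\S+)"
)

def audit_pip_indexes(text):
    """Return (risky, public_indexes, private_indexes) for one file's contents."""
    primary, extras = DEFAULT_INDEX, []
    for line in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", line)  # drop comments
        m = OPTION.match(line)
        if not m:
            continue
        name, url = m.group(1).lstrip("-"), m.group(2)
        if name == "extra-index-url":
            extras.append(url)      # searched in addition to the primary index
        else:
            primary = url           # replaces the default index
    indexes = [primary] + extras
    public = [u for u in indexes if urlparse(u).hostname in PUBLIC_HOSTS]
    private = [u for u in indexes if urlparse(u).hostname not in PUBLIC_HOSTS]
    # Risky when pip will consult both a public and a private index:
    # a private package name can then be satisfied from the public one.
    return bool(public and private), public, private

# Constructed sample inputs (not taken from the article or from GCP).
VULNERABLE = """\
# internal package is expected to come from the private registry
--extra-index-url https://pkgs.example.internal/simple
internal-utils==1.4.0
requests==2.32.3
"""
HARDENED = """\
--index-url https://pkgs.example.internal/simple
internal-utils==1.4.0
requests==2.32.3
"""

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, audit_pip_indexes(text))
```

The hardened form only helps if the single private index proxies or mirrors the public packages the project needs, so that pip never has to fall back to PyPI directly.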
The vulnerability was uncovered through a detailed analysis of documentation from GCP and the Python Software Foundation. Tenable noted that this type of supply chain attack could be exponentially more damaging in the cloud compared to traditional on-premises environments. A single malicious package could rapidly spread across multiple networks, putting millions of users at risk.
Liv Matan, Senior Research Engineer at Tenable, stressed the seriousness of the issue, stating, “The impact of CloudImposer is extensive. By identifying and revealing this vulnerability, we’ve shut down a significant avenue that attackers could have exploited on a large scale.”
Tenable also criticized Google for its lack of awareness and preventive measures against this well-known attack technique, indicating a concerning gap in Google’s cloud security protocols. Google has since addressed the issue and patched the vulnerability.