
Tenable Research has identified a now-patched privilege-escalation vulnerability in Google Cloud Platform (GCP) dubbed “ConfusedComposer”. The vulnerability existed within Cloud Composer and could have allowed an attacker to escalate their privileges.
The core issue was that an identity with the composer.environments.update permission could edit a Cloud Composer environment to gain elevated privileges. This escalation would target the default Cloud Build service account. The report emphasizes the significant permissions held by this account, noting it “includes permissions to Cloud Build itself, as well as to Cloud Storage, Artifact Registry, and more.”
To understand the vulnerability, it’s important to know what Cloud Composer and Cloud Build are.
- Cloud Composer is a managed workflow-orchestration service in GCP, based on Apache Airflow, used for scheduling and automating data pipelines.
- Cloud Build is a managed continuous integration and delivery (CI/CD) service in GCP that builds, tests, and deploys applications and containers.
The report highlights the interplay between these services: “Cloud Composer uses Cloud Build to build packages, and that is exactly where attackers could have abused the process to escalate privileges.”
Cloud Composer allows users to install custom PyPI packages. The vulnerability stemmed from how Composer interacts with Cloud Build during this process.
Here’s a summary of the attack vector:
- A user specifies a custom PyPI package.
- Composer initiates a build process and automatically provisions a Cloud Build instance.
- This instance is attached to the default Cloud Build service account, which has extensive permissions.
An attacker with the composer.environments.update permission could inject a malicious PyPI package into the Composer configuration.
The attacker would add their malicious package to Composer. Cloud Build uses Pip to install this package. The report points out a critical detail: “Turns out that Pip automatically runs pre- and post-package installation scripts.”
This allows an attacker to execute arbitrary code within the Cloud Build environment. The attacker could then inject code to access the Cloud Build’s metadata API. Because the build instance uses the default Cloud Build service account, the attacker could extract its token and gain control over a highly privileged service account.
The report stresses the severity of this vulnerability: “This attack was particularly dangerous because the attacker did not need direct access to the Composer’s service account or to Cloud Build’s service account – only the ability to update a Composer environment.” It clarifies that “gaining full ownership of the project from the default Cloud Build service account was well within reach.”
GCP has addressed this vulnerability. Previously, “during update operations to perform PyPI module installations, Composer used the Cloud Build service account.” Now, Composer uses the Composer environment service account for these installations.
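The attack path above (an environment update that adds PyPI packages, followed by a build running as the default Cloud Build service account) and the fix (builds now run as the Composer environment service account) both leave traces in Cloud Audit Logs. The following triage script is an added example, not code from Tenable or from the Composer project: it flags environment updates whose update mask touches PyPI packages when the caller is not on an allow-list, and flags any Cloud Build job created under the legacy `PROJECT_NUMBER@cloudbuild.gserviceaccount.com` account. The log lines are constructed, and the exact `methodName` strings and the `request.build.serviceAccount` field are assumptions about the audit-log layout, to be checked against real entries before use.

```python
"""Triage Composer PyPI-package updates and Cloud Build service-account usage.

Added example. Sample log lines are constructed; method and field names are
assumptions modelled on the Cloud Audit Log layout, not taken from a real project.
"""
import json
import re
from typing import Iterable, List, Tuple

# The legacy default Cloud Build service account has the form
# <project number>@cloudbuild.gserviceaccount.com (the account the report warns about).
DEFAULT_CLOUDBUILD_SA = re.compile(r"^\d+@cloudbuild\.gserviceaccount\.com$")

COMPOSER_UPDATE = "google.cloud.orchestration.airflow.service.v1.Environments.UpdateEnvironment"  # assumption
CLOUDBUILD_CREATE = "google.devtools.cloudbuild.v1.CloudBuild.CreateBuild"  # assumption

# Constructed sample entries: one JSON object per line, as exported from Cloud Logging.
SAMPLE_LOG_LINES = [
    json.dumps({"protoPayload": {
        "methodName": COMPOSER_UPDATE,
        "authenticationInfo": {"principalEmail": "dev@example.com"},
        "resourceName": "projects/example-proj/locations/us-central1/environments/etl-env",
        "request": {"updateMask": "config.softwareConfig.pypiPackages",
                    "environment": {"config": {"softwareConfig": {
                        "pypiPackages": {"example-lib": "==1.0.0"}}}}}}}),
    json.dumps({"protoPayload": {
        "methodName": COMPOSER_UPDATE,
        "authenticationInfo": {"principalEmail": "platform-admin@example.com"},
        "resourceName": "projects/example-proj/locations/us-central1/environments/etl-env",
        "request": {"updateMask": "config.softwareConfig.envVariables",
                    "environment": {"config": {"softwareConfig": {"envVariables": {"TZ": "UTC"}}}}}}}),
    json.dumps({"protoPayload": {
        "methodName": CLOUDBUILD_CREATE,
        "authenticationInfo": {"principalEmail": "service-123456789012@cloudcomposer-accounts.iam.gserviceaccount.com"},
        "resourceName": "projects/example-proj/builds/build-1",
        "request": {"build": {"serviceAccount":
                    "projects/example-proj/serviceAccounts/123456789012@cloudbuild.gserviceaccount.com"}}}}),
    json.dumps({"protoPayload": {
        "methodName": CLOUDBUILD_CREATE,
        "authenticationInfo": {"principalEmail": "service-123456789012@cloudcomposer-accounts.iam.gserviceaccount.com"},
        "resourceName": "projects/example-proj/builds/build-2",
        "request": {"build": {"serviceAccount":
                    "projects/example-proj/serviceAccounts/composer-env-sa@example-proj.iam.gserviceaccount.com"}}}}),
]

Finding = Tuple[str, str, str, str, List[str]]  # severity, kind, principal, resource, packages


def parse_entries(lines: Iterable[str]) -> List[dict]:
    """Parse newline-delimited JSON, skipping blank lines."""
    return [json.loads(line) for line in lines if line.strip()]


def is_pypi_update(entry: dict) -> bool:
    """True when an UpdateEnvironment call touches the PyPI package list."""
    payload = entry.get("protoPayload", {})
    if payload.get("methodName") != COMPOSER_UPDATE:
        return False
    mask = payload.get("request", {}).get("updateMask", "")
    return any("pypi" in field.lower() for field in mask.split(","))


def build_service_account(entry: dict) -> str:
    """Return the service-account e-mail a CreateBuild request asked for, or '' if not a build."""
    payload = entry.get("protoPayload", {})
    if payload.get("methodName") != CLOUDBUILD_CREATE:
        return ""
    sa = payload.get("request", {}).get("build", {}).get("serviceAccount", "")
    return sa.rsplit("/", 1)[-1]


def triage(lines: Iterable[str], allowed_principals: set) -> List[Finding]:
    """Produce findings for PyPI updates by unexpected callers and builds on the default SA."""
    findings: List[Finding] = []
    for entry in parse_entries(lines):
        payload = entry.get("protoPayload", {})
        who = payload.get("authenticationInfo", {}).get("principalEmail", "<unknown>")
        resource = payload.get("resourceName", "<unknown>")
        if is_pypi_update(entry):
            pkgs = (payload.get("request", {}).get("environment", {}).get("config", {})
                    .get("softwareConfig", {}).get("pypiPackages", {}))
            severity = "INFO" if who in allowed_principals else "HIGH"
            findings.append((severity, "pypi-update", who, resource, sorted(pkgs)))
        sa_email = build_service_account(entry)
        if sa_email and DEFAULT_CLOUDBUILD_SA.match(sa_email):
            # Vulnerable pattern from the report: package install running as the default Cloud Build SA.
            findings.append(("HIGH", "build-as-default-cloudbuild-sa", who, sa_email, []))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG_LINES, {"platform-admin@example.com"}):
        print(*finding)
```

Run against a Cloud Logging export with `python3 triage.py < export.jsonl` after replacing `SAMPLE_LOG_LINES` with `sys.stdin`. A clean post-fix project should produce no `build-as-default-cloudbuild-sa` findings for Composer-initiated builds; any `pypi-update` finding from a principal outside the expected set is worth reviewing, since that permission alone was the only precondition the report describes.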
The fix has been rolled out to new Composer instances, and existing instances are scheduled to be updated by April 2025.
GCP also updated Composer’s documentation, including sections on Access Control, Installing Python Dependencies, and Accessing the Airflow CLI.
Tenable Research notes that ConfusedComposer is part of a broader attack class called “Jenga”. This class is a variant of the “Confused Function” vulnerability and “exploits the somewhat-hidden cloud provider misconfigurations related to cloud services permissions to escalate privileges beyond intended access levels.”