In the complex tapestry of cloud infrastructure, seemingly minor permission oversights can sometimes unravel into significant security vulnerabilities. Such was the case with ImageRunner, a privilege escalation flaw discovered within the Google Cloud Platform (GCP) by Tenable Research. While now patched, this vulnerability highlighted a critical interaction between GCP’s Cloud Run service and its container registries.
The core of the problem lay in a specific permission scenario. Liv Matan, Senior Security Researcher at Tenable, detailed the finding “At issue are identities that lack registry permissions but that have edit permissions on Google Cloud Run revisions“.
Google Cloud Run is a popular serverless platform designed to run containerized applications seamlessly. Typically, when deploying an application, Cloud Run fetches the container image from a registry like Google Artifact Registry or the older Google Container Registry. This process usually requires the deploying entity to have appropriate permissions to access the image, often facilitated by a Google-managed service agent.
However, ImageRunner exploited a gap in this process. “The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull private Google Artifact Registry and Google Container Registry images in the same account“.
An attacker who gained specific permissions (run.services.update and iam.serviceAccounts.actAs) within a target project could modify an existing Cloud Run service to create a new deployment revision. Critically, during this update, they could point the revision to any private container image residing in the same project’s registries, even if the attacker themselves lacked direct permission to pull that image.
As the report notes, “This is where it gets messy: Attackers could access sensitive or proprietary images stored in a victim’s registries, bypassing these two permissions required to pull private images from the registry: Storage Object Viewer or Artifact Registry Reader“.
“An attacker can do so by leveraging the ability to add instructions during the service update – more specifically, by adding malicious instructions“. These instructions could be injected as commands or arguments into the container configuration when updating the Cloud Run service.
Once the service deployed the new revision using the targeted private image, the injected instructions would execute. “When the updated container runs, the malicious code executes, potentially compromising the container image“. This could allow an attacker to “inspect the contents of the private image, extract secrets stored within it, or even exfiltrate sensitive data“. The vulnerability essentially tricked the Cloud Run service agent, which did possess the necessary underlying permissions, into fetching and running the private image embedded with the attacker’s payload.
Upon notification by Tenable, Google addressed the vulnerability. This crucial change means that simply having permission to update a Cloud Run service is no longer sufficient to pull an arbitrary image. “After this fix, Cloud Run checks to confirm that the deployer has read access to the image“.
Related Posts:
- D-Link Issues Warning on End-of-Life Routers Vulnerable to Botnet Exploits
- Docker-OSX Shut Down: Apple’s Copyright Claim Impacts macOS Containers
- X (formerly Twitter) to Use User Data for AI Development, No Compensation Offered
- Critical Vulnerability in D-Link EOL Routers Allows Remote Code Execution
