
CloudImposer RCE Vulnerability Targets Google Cloud Platform – Source: www.databreachtoday.com


Cloud Security, Security Operations

Attackers Could Exploit Flaw to Run Malicious Code on Google’s, Customers’ Servers

Prajeet Nair (@prajeetspeaks) • September 16, 2024

A flaw in the Google Cloud Platform could have had a Jenga-like effect on cloud security. (Image: Shutterstock)

Google patched a critical remote code execution vulnerability, dubbed “CloudImposer,” in the Cloud Composer service of its cloud platform. The flaw could have allowed attackers to compromise millions of servers, say researchers from Tenable.


The flaw originated in the installation process of specific software packages within Google’s infrastructure, which attackers could have exploited to run malicious code on both Google’s servers and those of its customers. Discovered by Tenable in early August, the vulnerability put GCP services like App Engine, Cloud Functions and Cloud Composer at risk of large-scale supply chain attacks.

Google had recommended using --extra-index-url, an argument to Python's pip installer, which inadvertently made systems vulnerable to dependency confusion attacks. These occur when attackers upload malicious packages to a public registry, deceiving systems into downloading and installing the compromised software instead of the intended one, said Tenable.

An attacker exploiting CloudImposer could theoretically run code on millions of GCP servers by simply uploading a package to the public PyPI repository. In response, Google updated its package installation process to prevent such attacks.

The CloudImposer vulnerability could lead to the Jenga Tower effect – cloud services are intricately linked, meaning that a compromise in one service can cascade through interconnected platforms. GCP Composer, for instance, is built on Google Kubernetes Engine, which adds another layer of potential exploitation for attackers.

Post-exploitation, cybercriminals can utilize techniques for GKE to further infiltrate GCP Composer systems.

The large-scale nature of the vulnerability underscores the challenges of securing cloud environments. With GCP services spread across vast networks, a single vulnerability like CloudImposer can have a disproportionate impact, endangering users.

Researchers encouraged developers to review their package installation processes and ensure they have appropriate safeguards in place to prevent dependency confusion attacks.
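
An added example, not from the article, Tenable or Google: a small Python check for the kind of review the researchers recommend. It flags --extra-index-url in a requirements file and, when that flag is present, lists requirements that carry no --hash pin. The index URL, package names and hash in SAMPLE are constructed, and acme-internal-utils is a hypothetical private package name.

```python
import re

EXTRA_INDEX = re.compile(r"(?:^|\s)--extra-index-url(?:[=\s]|$)")
PACKAGE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def logical_lines(text):
    """Yield (first_line_no, text) with comments removed and '\\' continuations joined."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        if (buf + line).strip():
            yield start, (buf + line).strip()
        buf, start = "", 0


def audit_requirements(text):
    """Return sorted (line_no, issue) findings for one requirements file."""
    flags, unhashed = [], []
    for no, line in logical_lines(text):
        if EXTRA_INDEX.search(line):
            flags.append((no, "--extra-index-url: pip searches this index and the "
                              "primary one together, with no priority between them"))
        elif not line.startswith("-"):
            m = PACKAGE.match(line)
            if m and "--hash=" not in line:
                unhashed.append((no, m.group(1)))
    findings = list(flags)
    if flags:  # unhashed names only matter once a second index is in play
        findings += [(no, f"{name}: no --hash, so a same-named upload on any "
                          "configured index can satisfy it") for no, name in unhashed]
    return sorted(findings)


# Constructed sample: a private package pulled through an extra index.
SAMPLE = """\
--extra-index-url https://pypi.internal.example/simple
requests==2.32.3 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
acme-internal-utils==1.4.0   # private package, hypothetical name
"""

if __name__ == "__main__":
    for no, issue in audit_requirements(SAMPLE):
        print(f"line {no}: {issue}")
```

The check covers requirements files only; the same setting can also be supplied through pip.conf (extra-index-url) or the PIP_EXTRA_INDEX_URL environment variable, which need a separate review.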

Original Post url: https://www.databreachtoday.com/cloudimposer-rce-vulnerability-targets-google-cloud-platform-a-26299
