Spread the love

The flaw could allow attackers to access restricted container images, potentially leading to privilege escalation, data theft, and espionage attacks.

Google Cloud
Credit: Michael Vi / Shutterstock

A critical privilege escalation vulnerability, ImageRunner, affecting Google Cloud was promptly fixed before it could allow attackers to access sensitive information from GCP deployments.

The issue, as discovered by the cybersecurity company Tenable, could have enabled an attacker to bypass permissions and obtain unauthorized access to container images.

“This is possible because Cloud Run pulls images during a revision deployment process,” Tenable told CSO in a comment ahead of publicly disclosing the flaw on Tuesday. “Cloud Run uses a service agent, an automated ‘worker’ that handles essential operations, which has higher permissions allowing it to retrieve images from the Google Container Registry or Artifact Registry.”

Google Cloud Run is a fully managed serverless platform to deploy and run containerized applications and a ‘revision’ is a specific, immutable version of a deployed service that Cloud Run creates every time a new version of a containerized application is deployed.

Google internally fixed the issue in January 2025 with additional checks and developers need not do anything.

Pulling restricted “private” images

A prerequisite to ImageRunner is an identity that lacks registry permissions but has edit permissions on Google Cloud Run revisions. The bespoke “worker” has these permissions, which attackers could potentially use to pull private Google Artifact Registry (GAR) and Google Container Registry (GCR) images from the same account.

Private images are restricted and require authentication to access. They are used to store proprietary applications, configurations, or sensitive code.

The worker, aka service agent, “is a special type of service account created and managed by Google Cloud,” said Liv Matan, senior security researcher at Tenable. “If an attacker gains certain permissions within a victim’s project – specifically run.services.update and iam.serviceAccounts.actAspermissions – they could modify a Cloud Run service and deploy a new revision.“

In doing so, they could specify (through malicious code injection) any private container image stored in a victim’s registries, Matan added.

According to a Tenable statement to CSO, an attacker could use this vulnerability for data theft or espionage in a real-world scenario. The attacker could use their code to inspect the contents of the private image, extract secrets stored within it, or even exfiltrate sensitive data.

Flaw fixed with explicit read access requirement

The flaw, which was never assigned a CVE ID, received a fix from Google in January wherein Cloud Run was updated with necessary restrictions.

“The principal (user or service account) creating or updating a Cloud Run resource now needs explicit permission to access the container image(s).” said a Google Cloud disclosure. “When using Artifact Registry, ensure the principal has the Artifact Registry Reader (roles/artifactregistry.reader) IAM role on the project or repository containing the container image(s) to deploy.”

The fix was rolled out to all production on January 28 as a “breaking change,” following a Mandatory Service Announcement sent to affected Project, Folder, and Organization owners during the last week of November 2024, according to Tenable.  A breaking change with reference to GCP refers to an update or modification that disrupts existing functionality, requiring users to update their configurations, code, or workflows to maintain compatibility.

Facebook Comments Box
Tags: , ,
Categories: