Google Patches GCP Cloud Functions, Build Security Flaw
A potential security flaw has been discovered in Google Cloud Platform's (GCP) Cloud Functions and Cloud Build services. The vulnerability, which allows attackers to gain elevated permissions, has prompted Google to issue a patch and enhance security measures.
Cisco Talos expanded upon Tenable's findings, showing that the attack technique can be applied across multiple cloud platforms. The flaw exploited the deployment process of GCP Cloud Functions, enabling attackers to escalate privileges.
Google has since modified Cloud Build's behavior and added new policies for more granular social security account control. Organizations are advised to enforce the principle of least privilege for all service accounts, regularly audit and monitor permissions, alert on unexpected Cloud Function modifications, inspect outgoing traffic for signs of exfiltration, and validate the integrity of external NPM packages. The same approach can be adapted for environment enumeration, a reconnaissance tactic useful for mapping systems, even without privileged access.
Google has issued a patch to mitigate the excessive privileges previously granted to default Cloud Build service accounts. Organizations are urged to follow Google's recommendations and implement additional security measures to protect their cloud environments.
