Researchers uncover RCE exploit in Google Cloud, millions of servers at risk

The vulnerability has since been patched

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A major flaw inGoogleCloud Platform (GCP) could have allowed hackers to runmalicious coderemotely, on millions of servers and underlying systems, experts have warned.

According to apress releaseshared withTechRadar Pro, Tenable’s researchers found what’s known as a ‘dependency confusion’ vulnerability, and they dubbed it CloudImposer.

The flaw could have allowed threat actors to execute code on “potentially millions of GCP servers and their customers’ systems,” they said. App Engine, Cloud Function, and Cloud Composer, were said to be most impacted by this vulnerability.

Blast radius “immense”

The flaw was found in GCP’s Composer dependency installation process, which allowed attackers to upload a malicious package to PyPI, which would then be preinstalled on all Composer instances - with high permissions.

As a result, malicious actors could execute code remotely, exfiltrate service account credentials, and move laterally to other GCP services.

Tenable said that its researchers found the bug while running in-depth analysis of documentation from both GCP and the Python Software Foundation. The vulnerability could have resulted in supply chain attacks in thecloudwhich, as they said, can be “exponentially more damaging” compared to on-prem environments. Since a single malicious package can quickly spread across multiple networks, millions of people could be exposed.

“The blast radius of CloudImposer is immense,” commented Liv Matan, senior research engineer at Tenable. “By discovering and disclosing this vulnerability, we’ve closed a major door that attackers could have exploited on a massive scale.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Tenable also took the opportunity to slam Google for its “startling lack of awareness and preventive measures” against what it describes as an “attack technique that’s been known for years”.

Tenable has reported its findings to Google, which has since addressed the issue and plugged the hole.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Dangerous Android banking malware looks to trick victims with fake money transfers

Sophos Firewall hack on government network used an all-new custom malware

Best genealogy tool of 2024