Google Fixes Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse

April 02, 2025 | Ravie Lakshmanan | Cloud Security / Risk

Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access private container images and even inject malicious code.

"The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull private Google Artifact Registry and Google Container Registry images in the same account," Tenable security researcher Liv Matan said in a report shared with The Hacker News.

The security firm has codenamed the flaw ImageRunner. Following responsible disclosure, Google addressed the issue as of January 28, 2025.

Google Cloud Run is a fully managed service for running containerized applications in a scalable, serverless environment. When it is used to run a service, the container image is pulled from Artifact Registry (or Docker Hub) by specifying the image URL at deployment time.

At issue is the fact that some identities lack container registry permissions but do have edit permissions on Google Cloud Run revisions.

Every time a Cloud Run service is deployed or updated, a new revision is created. And each time a Cloud Run revision is deployed, a service agent account is used to pull the required images, so the registry access check was made against the service agent rather than against the identity requesting the deployment.

"If an attacker gains certain permissions within a victim's project, specifically run.services.update and iam.serviceAccounts.actAs permissions, they could modify a Cloud Run service and deploy a new revision," Matan explained. "In doing so, they could specify any private container image within the same project for the service to pull."

Furthermore, the attacker could access sensitive or proprietary images stored in a victim's registries and even introduce malicious instructions that, when executed, could be abused to extract secrets, exfiltrate sensitive data, or even open a reverse shell to a machine under their control.

The patch rolled out by Google now ensures that the user or service account creating or updating a Cloud Run resource has explicit permission to access the container images, rather than relying on the service agent's access alone.

"The principal (user or service account) creating or updating a Cloud Run resource now needs explicit permission to access the container image(s)," the tech giant said in its release notes for Cloud Run in January 2025.

"When using Artifact Registry, ensure the principal has the Artifact Registry Reader (roles/artifactregistry.reader) IAM role on the project or repository containing the container image(s) to deploy."
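The two passages above describe a gap between permissions: a principal that can redeploy a Cloud Run service (run.services.update plus iam.serviceAccounts.actAs) but holds no registry read role. The script below is an added example, not Tenable's or Google's code, that audits a project IAM policy for exactly that combination. It takes a policy in the JSON shape printed by `gcloud projects get-iam-policy PROJECT --format=json`; the role-to-permission map it uses is an assumed, hand-maintained subset of the predefined roles, and the sample policy is constructed for illustration.

```python
"""Audit a GCP project IAM policy for the ImageRunner pre-condition.

Added example, not Tenable's or Google's code. Input is a project IAM policy
in the JSON shape printed by `gcloud projects get-iam-policy PROJECT
--format=json`. It reports principals that hold both run.services.update and
iam.serviceAccounts.actAs (enough to redeploy a Cloud Run service and point it
at any image) but lack Artifact Registry read access. Before the January 2025
fix, such a principal could pull any private image in the project; after it,
their deploys fail until roles/artifactregistry.reader is granted explicitly.
Assumption: ROLE_PERMISSIONS is a hand-maintained subset of the predefined
roles; refresh it with `gcloud iam roles describe ROLE` before relying on it.
"""
import json
from typing import Dict, List, Set

DEPLOY = "run.services.update"
ACT_AS = "iam.serviceAccounts.actAs"
PULL = "artifactregistry.repositories.downloadArtifacts"

# Assumed subset of permissions carried by common predefined roles.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "roles/owner": {DEPLOY, ACT_AS, PULL},
    "roles/editor": {DEPLOY, ACT_AS, PULL},
    "roles/run.admin": {DEPLOY},
    "roles/run.developer": {DEPLOY},
    "roles/run.viewer": set(),
    "roles/iam.serviceAccountUser": {ACT_AS},
    "roles/artifactregistry.reader": {PULL},
}


def permissions_by_principal(policy: dict) -> Dict[str, Set[str]]:
    """Expand every known role binding into per-member permission sets.

    Conditional bindings are counted as granting (conservative: a condition
    may be satisfiable at deploy time). Roles missing from ROLE_PERMISSIONS
    are skipped here and surfaced by unexpanded_roles().
    """
    perms: Dict[str, Set[str]] = {}
    for binding in policy.get("bindings", []):
        role_perms = ROLE_PERMISSIONS.get(binding["role"])
        if role_perms is None:
            continue
        for member in binding.get("members", []):
            perms.setdefault(member, set()).update(role_perms)
    return perms


def unexpanded_roles(policy: dict) -> List[str]:
    """Roles (typically custom ones) the audit could not expand; review by hand."""
    return sorted({b["role"] for b in policy.get("bindings", [])
                   if b["role"] not in ROLE_PERMISSIONS})


def find_image_runner_candidates(policy: dict) -> List[str]:
    """Principals able to redeploy a Cloud Run service but not read its images."""
    return sorted(member for member, perms in permissions_by_principal(policy).items()
                  if DEPLOY in perms and ACT_AS in perms and PULL not in perms)


# Constructed sample policy for illustration (not a real project).
SAMPLE_POLICY = json.loads("""
{
  "version": 3,
  "etag": "BwXexample=",
  "bindings": [
    {"role": "roles/owner", "members": ["user:owner@example.com"]},
    {"role": "roles/run.developer",
     "members": ["user:dev@example.com",
                 "serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/iam.serviceAccountUser",
     "members": ["user:dev@example.com",
                 "serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/artifactregistry.reader",
     "members": ["serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/run.viewer", "members": ["user:auditor@example.com"]},
    {"role": "projects/example-project/roles/customDeployer",
     "members": ["group:platform@example.com"]}
  ]
}
""")

if __name__ == "__main__":
    for member in find_image_runner_candidates(SAMPLE_POLICY):
        print(f"REVIEW {member}: can redeploy Cloud Run revisions but has no image read access")
    for role in unexpanded_roles(SAMPLE_POLICY):
        print(f"UNEXPANDED {role}: not in ROLE_PERMISSIONS, check its permissions manually")
```

On the sample policy the script flags `user:dev@example.com` (deploy and actAs without registry read) and leaves the CI service account alone because it already holds roles/artifactregistry.reader. Flagged principals are the ones whose deploys start failing after Google's change; the intended remediation is to grant them Artifact Registry Reader on the specific repository they need (for example with `gcloud projects add-iam-policy-binding`), not to hand them a broader role. Custom roles are reported rather than expanded, since their permissions must be read from the project.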

Tenable has characterized ImageRunner as an instance of what it calls Jenga, a class of issues that arises from the interconnected nature of cloud services, through which security risk in one service is passed on to the services built on top of it.

"Cloud providers build their services on top of their other existing services," Matan said. "If one service gets attacked or is compromised, the other ones built on top of it inherit the risk and become vulnerable as well."

"This scenario opens the door for attackers to discover novel privilege escalation opportunities and even vulnerabilities, and introduces new hidden risks for defenders."

The disclosure comes weeks after Praetorian detailed several ways a lower-privilege principal can abuse an Azure virtual machine (VM) to gain control over an Azure subscription:

  • Execute commands on an Azure VM with an attached administrative managed identity.
  • Log in to an Azure VM with an attached administrative managed identity.
  • Attach an existing administrative user-assigned managed identity to an existing Azure VM and execute commands in that VM.
  • Create a new Azure VM, attach an existing administrative managed identity to it, and execute commands in that VM using data plane actions.

"After obtaining the Owner role for a subscription, an attacker may be able to leverage their broad control over all subscription resources to find a privilege escalation path to the Entra ID tenant," security researchers Andrew Chang and Elgin Lee said.

"This path is predicated on a compute resource in the victim subscription with an Entra ID service principal that has permissions to escalate itself to Global Administrator."
