
Tenable has identified a privilege escalation vulnerability in Google Cloud Run called ImageRunner. The vulnerability could have allowed attackers to bypass permissions, gain unauthorized access to container images and potentially expose sensitive data. According to Tenable researchers, an attacker with edit permissions on Cloud Run could abuse permissions inherited from the service to retrieve a private container image and use it to deploy applications, demonstrating the risks associated with cloud service interdependencies.
Tenable research discovery
ImageRunner exemplifies what Tenable has coined the Jenga Concept: the tendency for cloud providers to build services on top of one another, so that security risks and weaknesses in one layer cascade into the services that depend on it.
“In the game of Jenga, removing a single block can undermine the entire structure,” said Liv Matan, Senior Security Researcher at Tenable. “Cloud services function similarly: if one component has risky default settings, those risks can trickle down to dependent services, increasing the risk of security breaches.”
If exploited, ImageRunner could allow attackers to:
· Inspect private container images, extracting sensitive information or secrets.
· Modify deployment parameters to execute unauthorized code.
· Exfiltrate critical data for cyberespionage or malicious activities.
Google has addressed ImageRunner and no additional action is required.
Meanwhile, Tenable recommends that organisations:
· Follow the least privilege model to prevent unnecessary permission inheritance.
· Map hidden dependencies between cloud services using tools like Jenganizer.
· Regularly review logs to detect suspicious access patterns.
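One way to act on the last two recommendations, as an added example that is not Tenable's or Google's code: a Python check over constructed Cloud Audit Log entries that flags Cloud Run deployments pulling an image from a project other than the one the service runs in (the cross-service permission path ImageRunner relied on), or made by a principal outside the expected set of deployers. The audit-log method names, the request layout, and the sample principals and project ids are assumptions.

```python
import re

# Constructed Cloud Audit Log entries, cut down to the fields this check reads. The
# method names and request layout are assumptions, not taken from the article.
SAMPLE_LOG = [
    {"protoPayload": {
        "methodName": "google.cloud.run.v2.Services.UpdateService",
        "authenticationInfo": {"principalEmail": "ci-deployer@prod-app.iam.gserviceaccount.com"},
        "request": {"service": {"template": {"containers": [
            {"image": "us-docker.pkg.dev/prod-app/web/frontend:1.4.2"}]}}}}},
    {"protoPayload": {
        "methodName": "google.cloud.run.v2.Services.UpdateService",
        "authenticationInfo": {"principalEmail": "contractor@example.com"},
        "request": {"service": {"template": {"containers": [
            {"image": "us-docker.pkg.dev/secret-project/internal/billing@sha256:0123abcd"}]}}}}},
    {"protoPayload": {"methodName": "google.cloud.run.v2.Services.GetService",
                      "authenticationInfo": {"principalEmail": "contractor@example.com"}}},
]

# Cloud Run v2 methods that create or replace a revision (assumed audit-log method names).
DEPLOY_METHODS = {"google.cloud.run.v2.Services.CreateService",
                  "google.cloud.run.v2.Services.UpdateService"}

# Project id component of an Artifact Registry (pkg.dev) or Container Registry (gcr.io) reference.
IMAGE_RE = re.compile(r"^(?:[a-z0-9-]+\.)?(?:pkg\.dev|gcr\.io)/(?P<project>[^/]+)/")


def image_project(image):
    # Returns the registry project the image reference points at, or None if not GCP-hosted.
    m = IMAGE_RE.match(image)
    return m.group("project") if m else None


def flag_deploys(entries, run_project, allowed_deployers):
    """Return (principal, image, reason) tuples for deployments worth a closer look: images
    pulled from another project and deployments by principals outside the expected set."""
    findings = []
    for entry in entries:
        payload = entry.get("protoPayload", {})
        if payload.get("methodName") not in DEPLOY_METHODS:
            continue
        principal = payload.get("authenticationInfo", {}).get("principalEmail", "?")
        containers = (payload.get("request", {}).get("service", {})
                      .get("template", {}).get("containers", []))
        for container in containers:
            image = container.get("image", "")
            source = image_project(image)
            if source and source != run_project:
                findings.append((principal, image, "image from project " + source))
            if principal not in allowed_deployers:
                findings.append((principal, image, "unexpected deployer"))
    return findings
```

Run against a real export, the same two conditions map directly to the least-privilege review: a deployer who can reference images in a project they cannot read themselves is exactly the inheritance the article warns about.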