Security News > 2023 > July > Bad.Build Flaw in Google Cloud Build Raises Concerns of Privilege Escalation

Cybersecurity researchers have uncovered a privilege escalation vulnerability in Google Cloud that could enable malicious actors tamper with application images and infect users, leading to supply chain attacks.

The issue, dubbed Bad.Build, is rooted in the Google Cloud Build service, according to cloud security firm Orca, which discovered and reported the issue.

"By abusing the flaw and enabling an impersonation of the default Cloud Build service, attackers can manipulate images in the Google Artifact Registry and inject malicious code," the company said in a statement shared with The Hacker News.

A malicious actor could abuse the "Cloudbuild.builds.create" permission already obtained by other means to impersonate the Google Cloud Build service account and obtain elevated privileges, exfiltrate an image that is being used inside Google Kubernetes Engine, and alter it to incorporate malware.

This is not the first time privilege escalation flaws impacting the Google Cloud Platform have been reported.

Customers are advised to monitor the behavior of the default Google Cloud Build service account to detect any possible malicious behavior as well as apply the principle of least privilege to mitigate possible risks.

News URL

https://thehackernews.com/2023/07/badbuild-flaw-in-google-cloud-build.html