Severity
medium

ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run

Published Tue, Apr 1st, 2025
Platforms
GCP

Summary

An attacker holding the `run.services.update` and `iam.serviceAccounts.actAs` permissions in a GCP project, but no permission to read its container registries, could deploy a new revision of a Cloud Run service that pulled a private container image stored in the same project. This worked because Cloud Run fetches images through its service agent, which holds the necessary registry read permissions, and it did not check whether the caller deploying the revision could read the image itself. By pointing the new revision at a private image and overriding the container's arguments (e.g., running Netcat to open a reverse shell), an attacker could run unauthorized code inside the image and extract any secrets it contained. The flaw stemmed from the Cloud Run service agent's trust model, which did not enforce a separate registry permission check on the deploying identity. Google has since changed this behavior: the identity creating or updating the Cloud Run resource must now also hold explicit read access to the image, such as the Artifact Registry Reader or Storage Object Viewer role.
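The permission combination and the trust-model change described above, modelled as an added Python example. This is not Tenable's proof of concept or Google's code: the role-to-permission table is a constructed, simplified subset of the real predefined GCP roles, and the IAM bindings are a constructed sample. `can_deploy_private_image` contrasts the pre-fix decision (only the service agent's registry access is consulted) with the post-fix decision (the caller is checked too), and `find_exposed_principals` lists the identities that held the toxic combination on an unpatched project.

```python
"""Toy model of the ImageRunner authorization gap and of Google's fix.

Added example for this entry, not code from Tenable or Google. The
role -> permission table is a constructed, simplified subset of the real
predefined GCP roles; the sample IAM bindings are constructed.
"""

# Permissions named in the write-up.
UPDATE_SERVICE = "run.services.update"
ACT_AS = "iam.serviceAccounts.actAs"

# Registry-read permissions granted by Artifact Registry Reader and
# Storage Object Viewer (Container Registry images are stored as GCS objects).
AR_READ = "artifactregistry.repositories.downloadArtifacts"
GCS_READ = "storage.objects.get"
REGISTRY_READ = {AR_READ, GCS_READ}

# Simplified subset of predefined roles (assumption: the real roles carry more).
ROLE_PERMISSIONS = {
    "roles/run.developer": {UPDATE_SERVICE, "run.services.get"},
    "roles/iam.serviceAccountUser": {ACT_AS},
    "roles/artifactregistry.reader": {AR_READ},
    "roles/storage.objectViewer": {GCS_READ},
    # The Cloud Run service agent that actually pulls the image.
    "roles/run.serviceAgent": {UPDATE_SERVICE, AR_READ, GCS_READ},
}

# Constructed sample project IAM policy: two humans can deploy, only one of
# them can read the registry.
SAMPLE_BINDINGS = [
    {"role": "roles/run.developer",
     "members": ["user:dev@example.com", "user:ops@example.com"]},
    {"role": "roles/iam.serviceAccountUser",
     "members": ["user:dev@example.com", "user:ops@example.com"]},
    {"role": "roles/artifactregistry.reader",
     "members": ["user:ops@example.com"]},
]
SERVICE_AGENT_PERMS = ROLE_PERMISSIONS["roles/run.serviceAgent"]


def effective_permissions(principal, bindings, role_permissions=ROLE_PERMISSIONS):
    """Union of the permissions the principal gets from every binding naming it."""
    perms = set()
    for binding in bindings:
        if principal in binding["members"]:
            perms |= role_permissions.get(binding["role"], set())
    return perms


def can_deploy_private_image(caller_perms, service_agent_perms, fixed):
    """Whether a revision referencing a private image in the same project deploys.

    fixed=False models the pre-fix behaviour: the image pull is authorised
    against the service agent only. fixed=True models Google's change: the
    caller must also hold a registry-read permission.
    """
    if not {UPDATE_SERVICE, ACT_AS} <= caller_perms:
        return False                       # cannot update the service at all
    if not service_agent_perms & REGISTRY_READ:
        return False                       # the agent itself cannot pull
    if fixed and not caller_perms & REGISTRY_READ:
        return False                       # post-fix: the caller is checked too
    return True


def find_exposed_principals(bindings, role_permissions=ROLE_PERMISSIONS):
    """Principals that could exercise ImageRunner on an unpatched project:
    able to update services and act as a service account, yet holding no
    registry-read permission of their own."""
    members = {m for b in bindings for m in b["members"]}
    exposed = []
    for member in sorted(members):
        perms = effective_permissions(member, bindings, role_permissions)
        if {UPDATE_SERVICE, ACT_AS} <= perms and not perms & REGISTRY_READ:
            exposed.append(member)
    return exposed


if __name__ == "__main__":
    print("exposed:", find_exposed_principals(SAMPLE_BINDINGS))
    for who in ("user:dev@example.com", "user:ops@example.com"):
        perms = effective_permissions(who, SAMPLE_BINDINGS)
        print(who,
              "pre-fix:", can_deploy_private_image(perms, SERVICE_AGENT_PERMS, fixed=False),
              "post-fix:", can_deploy_private_image(perms, SERVICE_AGENT_PERMS, fixed=True))
```

Running the script lists `user:dev@example.com` as exposed: that principal could deploy a private image before the fix and cannot afterwards, while `user:ops@example.com`, who already holds Artifact Registry Reader, is unaffected by the change. To run the same check over a real project, feed it the bindings from `gcloud projects get-iam-policy` and replace the toy role table with the full permission lists from `gcloud iam roles describe`.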

Affected Services

Cloud Run

Tracked CVEs

No tracked CVEs

References

Entry Status
Finalized
Disclosure Date
Mon, Nov 25th, 2024
Exploitability Period
Until 2025/01/25
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Liv Matan, Tenable