all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Google Cloud Platform (GCP) Privilege Escalation Vulnerability In Cloud Functions

Add to bookmarks
June 4, 2024, 2:35 p.m. | Liv Matan

Tenable Research Advisories www.tenable.com

Google Cloud Platform (GCP) Privilege Escalation Vulnerability In Cloud Functions

Tenable Research has discovered a vulnerability in Google Cloud Platform (GCP) that allows privilege escalation from Cloud Function permissions to the default Cloud Build service account permissions. These permissions include high privileges in services such as Cloud Build, storage (including the source code of other functions), artifact registry, and container registry.

 

The vulnerability could be exploited with permissions to update or create a new Google Cloud Function, thus getting Cloud …

cloud cloud functions cloud platform escalation functions gcp google google cloud google cloud platform platform privilege privilege escalation vulnerability

Visit resource

More from www.tenable.com / Tenable Research Advisories

Fortra FileCatalyst Workflow Unauthenticated SQLi 1 day, 5 hours ago | www.tenable.com
build class fortra injection +11
Rockwell Automation ThinManager ThinServer Multiple Vulnerabilities 1 day, 9 hours ago | www.tenable.com
attacker automation can code +22
NextChat Server-Side Request Forgery / Cross-Site Scripting 1 day, 13 hours ago | www.tenable.com
api attacks code cross-site +12
SSRF Security Feature Bypass in Azure AI and ML Studios 1 week, 2 days ago | www.tenable.com
azure azure ai bypass evan +5
Multiple Vulnerabilities in Adobe FrameMaker Publishing Server (FMPS) December 2022 release Update 2 2 weeks, 6 days ago | www.tenable.com
adobe adobe framemaker api api authentication +13
Google Cloud Platform (GCP) Privilege Escalation Vulnerability In Cloud Functions 3 weeks, 1 day ago | www.tenable.com
cloud cloud functions cloud platform escalation +9
Google Cloud Platform (GCP) Privilege Escalation Vulnerability In Cloud Functions 3 weeks, 1 day ago | www.tenable.com
cloud cloud functions cloud platform escalation +9
Microsoft Azure Firewall Bypass Vulnerability 3 weeks, 2 days ago | www.tenable.com
azure bypass bypass vulnerability firewall +4
Google Cloud Platform Remote Code Execution Vulnerability in GCP Composer 3 weeks, 3 days ago | www.tenable.com
arbitrary code attackers cloud cloud platform +19

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Technology Specialist I: Windows Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, California
View on infosec-jobs.com

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA
View on infosec-jobs.com

Account Executive - Secureworks Direct Sales - US Remote Philadelphia

@ Dell Technologies | Remote - Pennsylvania, United States
View on infosec-jobs.com

SATCOM Technician - Shariki, Japan - Secret Clearance (Onsite)

@ RTX | RVA99: RTN Remote, Virginia
View on infosec-jobs.com

Senior Test Engineer

@ Commonwealth Bank | Bengaluru - Manyata Tech Park Road
View on infosec-jobs.com

Lead Developer - Pipeline & Algorithms

@ Arctic Wolf | Waterloo
View on infosec-jobs.com