all InfoSec news
Google Cloud Platform (GCP) Privilege Escalation Vulnerability In Cloud Functions
Tenable Research Advisories www.tenable.com
Tenable Research has discovered a vulnerability in Google Cloud Platform (GCP) that allows privilege escalation from Cloud Function permissions to the default Cloud Build service account permissions. These permissions include high privileges in services such as Cloud Build, storage (including the source code of other functions), artifact registry, and container registry.
The vulnerability could be exploited with permissions to update or create a new Google Cloud Function, thus getting Cloud …
cloud cloud functions cloud platform escalation functions gcp google google cloud google cloud platform platform privilege privilege escalation vulnerability