Google fixed a vulnerability in Cloud Composer 2 that could have led to privilege escalation through exploitation of the default Cloud Build service account, Tenable researchers reported Tuesday.

Cloud Composer is an Apache Airflow-based fully managed workflow orchestration service within the Google Cloud Platform that can be used to create, schedule and monitor data pipelines.

Cloud Composer has a feature that allows users to install custom packages from the Python Package Index (PyPI) in their environment, which relies on another service called Cloud Build, a fully managed continuous integration and delivery (CI/CD) service in Google Cloud.

When a PyPI package is installed, a Cloud Build instance is automatically created to complete the process. Previously, this instance was run using the highly privileged Cloud Build default service account, which has broad permissions not only within Cloud Build but also other Google Cloud services such as Cloud Storage, Artifact Registry, Container Registry and more.

By installing a malicious PyPI package, an attacker with edit permissions in Cloud Composer could leverage the high permissions of the Cloud Build service account by accessing Cloud Build's metadata API and stealing its access token to the victim's environment.

This could be achieved using a malicious installation script within the PyPI package, which would be automatically executed when the package installer for Python, pip, runs on the Cloud Build instance. Tenable researchers dubbed this vulnerability "ConfusedComposer."

"The ConfusedComposer vulnerability is fairly easy to exploit," Liv Matan, senior cloud security researcher at Tenable, told SC Media. "Attackers do not need direct access to the Composer or Cloud Build service [accounts]. The main limitation is that the attacker must have edit permissions on Cloud Composer."

After the issue was reported by Tenable to Google, changes were made in Dec. 11, 2024, so that Cloud Composer 2 environments created in version 2.10.2 or later would use the environment's service account, rather than the default Cloud Build service account, for PyPI package installations.

Additionally, Google announced in January that all Cloud Composer 2 environments, including those prior to version 2.10.2, would use the environment's service account instead of the Cloud Build service account for PyPI package installations by April.

Cloud Composer 3 environments already used the environment's service account for PyPI package installations and were not affected by ConfusedComposer.

"We're appreciative of the researcher's work in identifying and reporting this issue affecting Cloud Composer. We have since mitigated the issue, and informed customers on how to secure their permissions. We have not seen any evidence of exploitation," a Google spokesperson said in a statement to SC Media.

ConfusedComposer is similar to another privilege escalation flaw involving the Cloud Build service account in Google Cloud Platform's Cloud Functions service, which was discovered by Tenable in July 2024 and dubbed ConfusedFunction.

Tenable compares these flaws and other similar vulnerabilities in cloud services to Jenga, referring to how multiple cloud services tend to interconnect and rely on one another, often in ways unseen to the user. This can lead to a broader attack surface due to misconfigurations and vulnerabilities in services frequently deployed automatically "behind-the-scenes" to facilitate orchestrated workflows in the cloud.
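For a defender, the practical question the article leaves open is which Composer environments in a fleet were created before the 2.10.2 change, and which account PyPI installs now run as. The following script is an added example written for this page, not code from Tenable or Google: it takes the JSON that `gcloud composer environments list --format=json` returns (the `config.softwareConfig.imageVersion` and `config.nodeConfig.serviceAccount` fields are assumed from the Composer API; the sample records below are constructed), classifies each environment against the version threshold stated in the article, and additionally flags environments still running on the Compute Engine default service account, since after the fix that account is the one performing installs.

```python
import re
from typing import Dict, List, Tuple

# Composer 2 version from which PyPI installs run as the environment's
# service account rather than the default Cloud Build service account
# (threshold taken from the article).
FIXED_COMPOSER2_VERSION = (2, 10, 2)

# Assumed shape of the imageVersion string reported by the Composer API, e.g.
# "composer-2.9.7-airflow-2.9.3" or "composer-3-airflow-2.9.3-build.4".
IMAGE_VERSION_RE = re.compile(r"^composer-(\d+)(?:\.(\d+)\.(\d+))?-airflow-")

# Suffix of the Compute Engine default service account, which Composer falls
# back to when no dedicated account is configured (assumption, not from the article).
DEFAULT_SA_SUFFIX = "-compute@developer.gserviceaccount.com"


def parse_composer_version(image_version: str) -> Tuple[int, ...]:
    """Return (major,) for Composer 3 or (major, minor, patch) for Composer 1/2."""
    m = IMAGE_VERSION_RE.match(image_version)
    if not m:
        raise ValueError(f"unrecognised imageVersion: {image_version!r}")
    major, minor, patch = m.groups()
    if minor is None:
        return (int(major),)
    return (int(major), int(minor), int(patch))


def assess_environment(env: Dict) -> Dict:
    """Classify one environment record against the ConfusedComposer fix."""
    config = env.get("config", {})
    image_version = config.get("softwareConfig", {}).get("imageVersion", "")
    service_account = config.get("nodeConfig", {}).get("serviceAccount", "")
    version = parse_composer_version(image_version)

    if version[0] >= 3:
        status = "unaffected-composer3"        # never used the Cloud Build SA
    elif version[0] < 2:
        status = "out-of-scope-composer1"      # not covered by the article
    elif version >= FIXED_COMPOSER2_VERSION:
        status = "fixed-env-sa"                # created after the Dec. 2024 change
    else:
        # Created before 2.10.2: the fleet-wide April change should cover it,
        # but confirm the install identity rather than assuming.
        status = "verify-pre-2.10.2"

    return {
        "name": env["name"],
        "composer_version": ".".join(str(p) for p in version),
        "service_account": service_account,
        "status": status,
        # After the fix installs run as this account, so a broad default
        # account is still worth replacing with a least-privilege one.
        "uses_default_compute_sa": service_account.endswith(DEFAULT_SA_SUFFIX),
    }


def assess_all(envs: List[Dict]) -> List[Dict]:
    return [assess_environment(e) for e in envs]


# Constructed sample records, trimmed to the fields used above.
SAMPLE_ENVIRONMENTS = [
    {
        "name": "projects/example-proj/locations/us-central1/environments/etl-old",
        "config": {
            "softwareConfig": {"imageVersion": "composer-2.9.7-airflow-2.9.3"},
            "nodeConfig": {"serviceAccount": "123456789012-compute@developer.gserviceaccount.com"},
        },
    },
    {
        "name": "projects/example-proj/locations/us-central1/environments/etl-new",
        "config": {
            "softwareConfig": {"imageVersion": "composer-2.10.2-airflow-2.10.2"},
            "nodeConfig": {"serviceAccount": "composer-etl@example-proj.iam.gserviceaccount.com"},
        },
    },
    {
        "name": "projects/example-proj/locations/us-central1/environments/etl-c3",
        "config": {
            "softwareConfig": {"imageVersion": "composer-3-airflow-2.9.3-build.4"},
            "nodeConfig": {"serviceAccount": "composer-etl@example-proj.iam.gserviceaccount.com"},
        },
    },
]

if __name__ == "__main__":
    for r in assess_all(SAMPLE_ENVIRONMENTS):
        print(f"{r['status']:<22} {r['composer_version']:<8} "
              f"default_sa={r['uses_default_compute_sa']} {r['name']}")
```

In practice the sample list would be replaced by `json.load` over the `gcloud` output, and any environment reported as `verify-pre-2.10.2` or `uses_default_compute_sa=True` goes on the review list: the first to confirm that installs no longer run as the Cloud Build account, the second because the environment account is now the one that pip's install scripts execute under.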
