Google Addresses Cloud Run Vulnerability that Permitted Unauthorized Image Access through IAM Misconfiguration

April 2, 2025
By Ravie Lakshmanan
Tags: Cloud Security / Vulnerability

In a significant cybersecurity revelation, researchers at Tenable have disclosed a now-resolved privilege escalation vulnerability within Google Cloud Platform’s (GCP) Cloud Run, codenamed "ImageRunner." This flaw had the potential to allow malicious actors to manipulate cloud services, gain unauthorized access to container images, and inject harmful code.

The vulnerability was identified in the permissions structure of Cloud Run, a managed service that executes containerized applications. According to Tenable security researcher Liv Matan, attackers could exploit a specific set of permissions to modify Cloud Run services and deploy new revisions, using the compromised rights to access private images stored in Google Artifact Registry and Google Container Registry.

"By obtaining permissions like run.services.update and iam.serviceAccounts.actAs, an attacker could pull any private container image within the same project, opening the floodgates for malicious activity," Matan explained.

Following responsible disclosure, Google promptly patched the vulnerability on January 28, 2025. The fix now mandates explicit permission for any user or service account that creates or updates a Cloud Run resource to access the relevant container images. Google emphasized that users must assign the Artifact Registry Reader IAM role to enforce this protection.
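The permission combination described above can be audited from a project's IAM policy. The following Python sketch is an added example, not code from Tenable or Google. It flags every principal that holds both `run.services.update` and `iam.serviceAccounts.actAs` and reports whether that principal also has explicit Artifact Registry read access. The role table, project name and members are constructed assumptions.

```python
import json

# Assumption: hand-written subset of role contents, enough for this example.
# In a real audit, expand every role (including custom ones) with
# `gcloud iam roles describe`. Only Artifact Registry reads are modelled here.
ROLE_PERMISSIONS = {
    "roles/run.developer": {"run.services.update"},
    "roles/iam.serviceAccountUser": {"iam.serviceAccounts.actAs"},
    "roles/artifactregistry.reader": {"artifactregistry.repositories.downloadArtifacts"},
}
DEPLOY_COMBO = {"run.services.update", "iam.serviceAccounts.actAs"}
IMAGE_READ = "artifactregistry.repositories.downloadArtifacts"

# Constructed sample, shaped like `gcloud projects get-iam-policy --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/run.developer",
   "members": ["serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com",
               "user:alice@example.com", "user:bob@example.com"]},
  {"role": "roles/iam.serviceAccountUser",
   "members": ["serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com",
               "user:alice@example.com"]},
  {"role": "roles/artifactregistry.reader", "members": ["user:alice@example.com"]},
  {"role": "projects/example-project/roles/customDeployer",
   "members": ["user:carol@example.com"]}
]}
""")

def effective_permissions(policy, role_permissions=ROLE_PERMISSIONS):
    """Return ({member: permissions}, roles that could not be expanded)."""
    perms, unknown = {}, set()
    for binding in policy.get("bindings", []):
        role = binding["role"]
        if role not in role_permissions:
            unknown.add(role)  # never treat an unexpanded role as harmless
            continue
        for member in binding.get("members", []):
            perms.setdefault(member, set()).update(role_permissions[role])
    return perms, sorted(unknown)

def audit(policy):
    """Classify every principal that holds the update + actAs combination."""
    perms, unknown = effective_permissions(policy)
    findings = {}
    for member, granted in perms.items():
        if DEPLOY_COMBO <= granted:
            findings[member] = "has-image-read" if IMAGE_READ in granted else "no-image-read"
    return findings, unknown

if __name__ == "__main__":
    for member, status in audit(SAMPLE_POLICY)[0].items():
        print(f"{status:15} {member}")
```

Principals reported as `no-image-read` are the ones the fix affects: they can update services but lack explicit image access. The sketch reads project-level bindings only, so repository-level and service-account-level policies need the same check.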

Matan described ImageRunner as a classic case of a "Jenga" vulnerability: because cloud services are interconnected, a breach in one area can compromise the integrity of the others and expose them to increased risk. The disclosure comes on the heels of similar vulnerabilities reported across various cloud platforms, underscoring an urgent need for organizations to review their cloud security protocols.

As cyber threats evolve, the necessity for robust security measures in cloud architectures has never been more pressing.
