Tenable research reveals ‘ConfusedFunction’ vulnerability in Google Cloud Platform


Tenable Research Discovers ConfusedFunction Vulnerability in Google Cloud Platform

Tenable, the Exposure Management company, has made a significant discovery in Google Cloud Platform (GCP) that has raised concerns about the security of its Cloud Functions serverless compute service and Cloud Build CI/CD pipeline service.

The vulnerability, named ConfusedFunction, was identified by Tenable’s Cloud Research Team. While GCP has taken steps to address the issue for future Cloud Build accounts, existing instances remain at risk and require immediate action to mitigate potential threats.

Cloud Functions in GCP are designed to automatically scale and execute code in response to specific events. However, the deployment process for these functions inadvertently grants excessive permissions to the default Cloud Build service account, leaving them vulnerable to exploitation by attackers.

Liv Matan, Senior Research Engineer at Tenable, emphasized the importance of addressing the ConfusedFunction vulnerability, noting that the complexity of software and inter-service communication in cloud environments can lead to problematic scenarios.

GCP has confirmed that it has partially remediated the issue for Cloud Build accounts created after February 14, 2024. However, the vulnerability still persists in existing instances, prompting the recommendation for users to replace legacy Cloud Build service accounts with least-privilege service accounts to enhance security.

For more detailed technical findings and proof of concept, Tenable has provided additional information on their blog and in a technical advisory. The discovery of ConfusedFunction serves as a reminder of the ongoing challenges in maintaining secure cloud environments and the importance of proactive security measures.
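
One way to check a project for the legacy account named in the recommendation above, as an added example that is not code from Tenable or Google: it takes the JSON produced by `gcloud projects get-iam-policy PROJECT_ID --format=json` and lists every role bound to an account of the form `PROJECT_NUMBER@cloudbuild.gserviceaccount.com`. The sample policy, the project number, the account names and the set of roles treated as broad are constructed assumptions.

```python
import json
import re

# Legacy default Cloud Build service account: PROJECT_NUMBER@cloudbuild.gserviceaccount.com.
# IAM shows removed accounts as "deleted:serviceAccount:...?uid=...".
LEGACY_CB_SA = re.compile(
    r"^(deleted:)?serviceAccount:(\d+)@cloudbuild\.gserviceaccount\.com(\?uid=\d+)?$"
)

# Assumption: roles this audit treats as broad; adjust to local policy.
BROAD_ROLES = {"roles/owner", "roles/editor", "roles/cloudbuild.builds.builder"}

# Constructed sample policy (project number and account names are made up).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/cloudbuild.builds.builder",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com",
                 "user:admin@example.com"]},
    {"role": "roles/logging.logWriter",
     "members": ["serviceAccount:fn-deployer@example-project.iam.gserviceaccount.com"]}
  ]
}
""")


def audit_policy(policy):
    """List every role bound to a legacy Cloud Build service account."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            match = LEGACY_CB_SA.match(member)
            if match:
                findings.append({
                    "project_number": match.group(2),
                    "role": role,
                    "broad": role in BROAD_ROLES,
                    "conditional": "condition" in binding,
                    "deleted": match.group(1) is not None,
                })
    return findings


if __name__ == "__main__":
    for f in audit_policy(SAMPLE_POLICY):
        print(f)
```

An empty result means no binding in the policy names the legacy account; any finding marks a role to move to a dedicated least-privilege service account.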
