Researchers have disclosed a privilege escalation vulnerability in Google Cloud Platform’s (GCP) Cloud Run service, since fixed by Google. The flaw could have let an attacker with a limited foothold in a project pull container images they were not authorized to read and inject their own code into what the service ran, a significant exposure for organizations that deploy on the platform.
According to Tenable security researcher Liv Matan, the vulnerability, named “ImageRunner,” allowed a principal holding a specific pair of permissions within a GCP project to abuse Cloud Run’s ability to edit a service’s revisions. Through that path they could pull private images from Google Artifact Registry and Google Container Registry in the same project, even though their own identity had no read access to those registries.
Following responsible disclosure, Google addressed the vulnerability on January 28, 2025. For context, Cloud Run is a fully managed service for running containerized applications in a scalable, serverless environment; each service references a container image by URL, and the image is pulled from a registry such as Artifact Registry at deployment time.
The crux of the issue was that an identity with permission to edit Cloud Run revisions did not itself need any permission to read the container registry. Each deployment or update creates a new revision of a Cloud Run service, and the image for that revision is fetched by the Cloud Run service agent, a Google-managed identity with registry access, rather than by the principal who requested the deployment. Matan details how an attacker holding run.services.update together with iam.serviceAccounts.actAs could update a Cloud Run service to deploy a new revision that references any private container image in the project; the service agent would then pull that image on the attacker’s behalf.
Beyond reading images they were never granted access to, the attacker controls the configuration of the new revision and so can control what the container executes. Once running, injected instructions could exfiltrate data or open a reverse shell to an attacker-controlled host, which is what makes the flaw serious for businesses that run production workloads on Google Cloud.
Google’s fix closes the gap by requiring that the user or service account creating or updating a Cloud Run resource hold explicit permission to read the container image the revision references, in addition to its Cloud Run permissions. Google’s updated guidance states that, when the image is stored in Artifact Registry, the deploying principal must be granted the Artifact Registry Reader role (roles/artifactregistry.reader) so that the deployment is authorized against the image itself.
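As an added example (not Tenable’s or Google’s code), the following script shows the audit a defender could run over a project’s IAM policy to find principals with exactly the pre-fix ImageRunner profile described above, namely run.services.update plus iam.serviceAccounts.actAs with no permission of their own to pull images, and to produce the Artifact Registry Reader binding that Google’s updated guidance asks for. It runs offline on a constructed policy in the shape `gcloud projects get-iam-policy --format=json` returns; the role-to-permission table is a hand-picked subset of the real predefined roles, and the principals and project name are invented.

```python
import json

# Constructed subset of the permissions carried by a few predefined GCP roles.
# ASSUMPTION: the real roles contain many more permissions; only those that
# matter for this check are listed, and custom roles are not modelled.
ROLE_PERMISSIONS = {
    "roles/run.developer": {"run.services.create", "run.services.update", "run.services.get"},
    "roles/run.admin": {"run.services.create", "run.services.update", "run.services.get",
                        "run.services.setIamPolicy"},
    "roles/iam.serviceAccountUser": {"iam.serviceAccounts.actAs", "iam.serviceAccounts.get"},
    "roles/artifactregistry.reader": {"artifactregistry.repositories.downloadArtifacts",
                                      "artifactregistry.repositories.get"},
    "roles/viewer": {"run.services.get", "artifactregistry.repositories.get"},
}

# What an attacker needed to push a new revision (per the write-up above), and the
# image-read permission the fix now demands from the deploying principal as well.
DEPLOY_PERMS = {"run.services.update", "iam.serviceAccounts.actAs"}
IMAGE_PULL_PERM = "artifactregistry.repositories.downloadArtifacts"


def effective_permissions(policy: dict) -> dict[str, set[str]]:
    """Union of permissions each member receives from the project-level bindings."""
    perms: dict[str, set[str]] = {}
    for binding in policy.get("bindings", []):
        role_perms = ROLE_PERMISSIONS.get(binding["role"], set())
        for member in binding.get("members", []):
            perms.setdefault(member, set()).update(role_perms)
    return perms


def find_imagerunner_candidates(policy: dict) -> list[str]:
    """Members who can deploy a Cloud Run revision but cannot pull images themselves.

    Before the fix, such a member could make the Cloud Run service agent pull any
    private image in the project on their behalf. After the fix the deployment is
    refused unless the gap is closed, so these are the grants to review.
    """
    return sorted(
        member
        for member, perms in effective_permissions(policy).items()
        if DEPLOY_PERMS <= perms and IMAGE_PULL_PERM not in perms
    )


def remediation_binding(members: list[str]) -> dict:
    """The extra binding the updated guidance calls for, for members that
    legitimately need to deploy: an explicit Artifact Registry Reader grant.
    Members that should not be deploying should lose the deploy rights instead."""
    return {"role": "roles/artifactregistry.reader", "members": sorted(members)}


# Constructed sample policy in the shape `gcloud projects get-iam-policy --format=json`
# returns. Principals and project name are invented for the example.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/run.developer",
     "members": ["user:alice@example.com", "user:bob@example.com"]},
    {"role": "roles/run.admin",
     "members": ["serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/iam.serviceAccountUser",
     "members": ["user:alice@example.com", "user:bob@example.com",
                 "serviceAccount:ci-deployer@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/artifactregistry.reader",
     "members": ["user:bob@example.com"]},
    {"role": "roles/viewer",
     "members": ["user:carol@example.com"]}
  ]
}
""")

if __name__ == "__main__":
    flagged = find_imagerunner_candidates(SAMPLE_POLICY)
    for member in flagged:
        print("deploy rights without image read access:", member)
    print(json.dumps(remediation_binding(flagged), indent=2))
```

On the sample policy, alice and the ci-deployer service account are flagged (they can update a service and act as its runtime identity but hold no registry read permission), bob is not (he already has Artifact Registry Reader), and carol is not (viewer only). The script looks only at project-level bindings; inherited folder and organization grants, custom roles and conditional bindings are not modelled, so for a real audit the permission table should be built from `gcloud iam roles describe` output for every role that appears in the policy.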
Tenable places ImageRunner within a broader class of issues it calls “Jenga,” a pattern in which cloud providers build services on top of one another, so that a weakness or an overly permissive default in one service is inherited by every service layered above it. A failure in one layer can therefore cascade across multiple layers of infrastructure. Matan notes that this layering creates many potential pathways for attackers to discover new privilege escalation opportunities, and makes it harder for defenders to reason about which permissions in their environment are actually safe to grant.
The disclosure follows similar findings elsewhere; Praetorian, for instance, recently described several ways in which lower-privileged accounts could take control of Azure virtual machines. Such cases underline the need for rigorous review of effective permissions as cloud attack paths grow more complex.
In summary, as providers such as Google and Microsoft keep layering new services onto existing ones, the risks inherent in those interconnections demand continued attention from security professionals and business owners alike. Knowing which principals can deploy workloads, and which resources those deployments can reach, is a prerequisite for safeguarding sensitive data and maintaining operational integrity.