In a significant security update, Google has patched a critical vulnerability in its Cloud Platform (GCP) Composer service. This flaw, identified by Tenable Research and labeled as CloudImposer, had the potential for attackers to execute remote code on GCP servers. Exploitation routes included a supply chain attack method termed dependency confusion.
The vulnerability allowed malicious actors to hijack software packages pre-loaded in Google Cloud Composer orchestration tools. According to Liv Matan, a security researcher at Tenable, attackers could deploy a counterfeit package with a higher version number in a public repository, compelling the package manager to download it instead of the intended internal version.
This type of attack, known as dependency confusion, was initially highlighted by security expert Alex Birsan in early 2021. It exploits a compromise in software supply chains, tricking package managers into installing harmful packages from open-access repositories instead of the more secure internal versions.
In this case, the vulnerability gave rise to the risk of publishing a malicious package to the Python Package Index (PyPI) under the name “google-cloud-datacatalog-lineage-producer-client.” If executed, this could lead to the package being automatically installed across all Composer instances, granting elevated permissions to attackers.
Despite Cloud Composer’s requirement for fixed package versions to mitigate risks, Tenable determined that specifying the “–extra-index-url” argument during package installation could inadvertently favor public sources. This misconfiguration unlocked a pathway for dependency confusion attacks, allowing attackers to potentially execute harmful code, steal service account credentials, and navigate laterally within the GCP ecosystem.
This concern was formally disclosed to Google on January 18, 2024, and a resolution was implemented by May of the same year. The update ensured that packages are exclusively installed from private repositories with an added layer of integrity verification through checksum checks.
Furthermore, the Python Packaging Authority (PyPA) has been aware of the risks associated with the “–extra-index-url” option since at least March 2018. They have recommended avoiding PyPI access when fetching internal packages.
In light of these events, Google advises developers to utilize the “–index-url” argument as a safer alternative. This adjustment minimizes the risk of dependency confusion by restricting searches to predefined repositories.
From an analytical perspective, this incident exemplifies adversary tactics such as initial access and privilege escalation, as categorized by the MITRE ATT&CK framework. By leveraging techniques that exploit software supply chains, attackers can gain unauthorized access and elevate their privileges within cloud environments, raising significant cybersecurity concerns.
