Specialists from Tenable have recently uncovered a serious vulnerability in the Google Cloud Platform (GCP) Composer, potentially exposing it to remote code execution during real-world attacks.
GCP Composer is a managed service designed for automating and overseeing workflow processes in the cloud, widely utilized for organizing data and running applications across distributed environments. It allows users to create intricate data processing scenarios with seamless integration into other Google Cloud services.
The vulnerability, dubbed Cloudimposer, is linked to a supply chain attack tactic known as Dependency Confusion. Liv Matan, a security researcher at Tenable, explained that cyber attackers could hijack internal dependencies utilized by Google in all instances of GCP Composer, enabling them to inject malicious code into cloud workflows.
Dependency Confusion involves an attack method where package managers retrieve a counterfeit package from a public repository instead of an internal one when the counterfeit version appears higher. This vulnerability, first described by researcher Alex Birsan in 2021, has already resulted in significant incidents within software supply chains.
As detailed by Tenable, attackers could upload a counterfeit package to the public Python Package Index (PyPi) under the name Google-Cloud-DataCatalog-Lineage-Produce-Client. This package could then be automatically installed on all GCP Composer instances with elevated privileges, providing attackers with extensive capabilities.
Despite GCP Composer’s use of fixed package versions, researchers discovered that by utilizing the PIP Install command with the “–Extra-index-URL” argument, the system prioritizes public repositories, thereby allowing attackers to compromise dependency substitutions. This could potentially lead to arbitrary code execution and unauthorized access to sensitive data and other Google Cloud services.
Following the responsible disclosure of the issue in January 2024, Google promptly released a patch in May. As a preventive measure, packages are now exclusively sourced from private repositories, and additional checksum verification mechanisms have been implemented for enhanced security. Google has also advised developers to utilize the “–index-URL” argument instead of “–Extra-index-Url to mitigate the risks associated with supply chain attacks.