Full Report
Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. "The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull private Google Artifact
Analysis Summary
# Vulnerability: GCP Cloud Run Privilege Escalation via Revision Edit (ImageRunner)
## CVE Details
- CVE ID: Not explicitly stated in the article.
- CVSS Score: Not explicitly stated in the article. Based on the description (affecting image access/code injection in cloud environments), it is likely High severity.
- CWE: CWE-284 (Improper Access Control) or CWE-269 (Improper Privilege Management) are plausible, stemming from reliance on interconnected service permissions.
## Affected Systems
- Products: Google Cloud Platform (GCP) Cloud Run
- Versions: Undisclosed, prior to the fix deployed on or around January 28, 2025.
- Configurations: Cloud Run services deployed or updated by specific identities lacking explicit container registry permissions but possessing `run.services.update` and `iam.serviceAccounts.actAs` permissions within the same GCP project.
## Vulnerability Description
The vulnerability, codenamed **ImageRunner**, exists in Google Cloud Run where an identity with permission to edit Cloud Run revisions (`run.services.update`) but without explicit permission to read container images from Google Artifact Registry or Google Container Registry could still force a new revision deployment. During deployment, the service agent account that pulls images did so on behalf of the user/identity performing the update without checking that identity's own image permissions. This allowed an attacker to specify *any* private container image within the same GCP project for the service to pull, giving unauthorized access to proprietary images and enabling potential code injection into the running service.
## Exploitation
- Status: No details of exploitation in the wild are provided; the disclosure defines the preconditions for exploitation but does not report active abuse.
- Complexity: Likely Medium, as it requires specific prerequisite IAM permissions (`run.services.update` + `iam.serviceAccounts.actAs`).
- Attack Vector: Network (via API/management plane actions).
## Impact
- Confidentiality: High (Access to sensitive/proprietary container images, potential secret extraction).
- Integrity: High (Ability to inject malicious code into the deployed container).
- Availability: Medium (Potential disruption if malicious image executes disruptive code).
## Remediation
### Patches
- Google addressed the issue around January 28, 2025. The patch enforces that the principal (user or service account) creating or updating a Cloud Run resource must have explicit permission to access the specified container image(s).
### Workarounds
- For Artifact Registry deployments, ensure the principal deploying/updating the Cloud Run service has the **Artifact Registry Reader (`roles/artifactregistry.reader`)** IAM role on the project or specific repository containing the images.
## Detection
- Indicators of Compromise: Unauthorized service account activity related to image pulling from registries immediately following a Cloud Run revision update performed by a lower-privileged identity.
- Detection Methods and Tools: Review IAM policies for principals that hold both `run.services.update` and `iam.serviceAccounts.actAs` without a corresponding image reader role. Monitor Cloud Audit Logs for deployment actions that reference images the acting principal would not normally be able to read.
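The IAM review described under Workarounds and Detection can be scripted. The following is an added example (not code from the article, Tenable or Google): it walks a constructed project IAM policy in the JSON shape that `gcloud projects get-iam-policy --format=json` returns and reports principals holding both `run.services.update` and `iam.serviceAccounts.actAs` but no role granting image download. The role-to-permission map is an assumed, abbreviated subset of the real predefined roles, and conditional bindings are ignored.

```python
"""Flag principals matching the ImageRunner precondition in a project IAM policy.

Added example, not from the article. ROLE_PERMISSIONS is an assumed subset of
predefined-role permissions; in practice derive it from `gcloud iam roles describe`.
"""
from typing import Dict, List, Set

# Assumed, abbreviated role -> permission map (illustrative, not exhaustive).
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "roles/run.developer": {"run.services.update", "run.services.create"},
    "roles/run.admin": {"run.services.update", "run.services.create"},
    "roles/iam.serviceAccountUser": {"iam.serviceAccounts.actAs"},
    "roles/artifactregistry.reader": {"artifactregistry.repositories.downloadArtifacts"},
    "roles/viewer": {"run.services.get"},
}

UPDATE_PERM = "run.services.update"
ACTAS_PERM = "iam.serviceAccounts.actAs"
IMAGE_READ_PERM = "artifactregistry.repositories.downloadArtifacts"


def effective_permissions(policy: dict) -> Dict[str, Set[str]]:
    """Union of permissions per member across all bindings (conditions ignored)."""
    perms: Dict[str, Set[str]] = {}
    for binding in policy.get("bindings", []):
        granted = ROLE_PERMISSIONS.get(binding["role"], set())
        for member in binding.get("members", []):
            perms.setdefault(member, set()).update(granted)
    return perms


def imagerunner_candidates(policy: dict) -> List[str]:
    """Members that can redeploy a Cloud Run service and actAs, but cannot read images."""
    return sorted(
        member for member, p in effective_permissions(policy).items()
        if UPDATE_PERM in p and ACTAS_PERM in p and IMAGE_READ_PERM not in p
    )


# Constructed sample policy for demonstration.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/run.developer", "members": ["user:dev@example.com", "user:ops@example.com"]},
        {"role": "roles/iam.serviceAccountUser", "members": ["user:dev@example.com", "user:ops@example.com"]},
        {"role": "roles/artifactregistry.reader", "members": ["user:ops@example.com"]},
        {"role": "roles/viewer", "members": ["user:auditor@example.com"]},
    ]
}

if __name__ == "__main__":
    for m in imagerunner_candidates(SAMPLE_POLICY):
        print(f"review: {m} can update Cloud Run services and actAs but holds no image-reader role")
```

Principals listed by this check are the ones for which the Artifact Registry Reader workaround above applies; the check does not detect abuse that already happened, which is what the audit-log review is for.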
## References
- [Tenable Report on ImageRunner (Defanged)](https://www.tenable.com/blog/imagerunner-a-privilege-escalation-vulnerability-impacting-gcp-cloud-run)
- [Google Cloud Run Release Notes - January 2025 (Defanged)](https://cloud.google.com/run/docs/release-notes#January_13_2025)