Google has addressed a critical security flaw in its Cloud Platform (GCP) Composer that could have been exploited to achieve remote code execution through a dependency confusion attack. The vulnerability, dubbed CloudImposer by Tenable Research, involved GCP Composer’s default configuration, which allowed for the possibility of installing malicious software dependencies from public repositories like PyPI. The flaw could have been abused to replace legitimate internal packages with counterfeit ones, potentially giving attackers the ability to run malicious code on cloud servers.
Dependency confusion, also known as a substitution attack, occurs when a package manager is tricked into downloading a malicious package from a public repository instead of the intended one from a private repository. In this case, attackers could have uploaded a malicious package named “google-cloud-datacatalog-lineage-producer-client” to PyPI, which could then be pre-installed on GCP Composer instances with elevated permissions. Once installed, the rogue package could have allowed attackers to execute arbitrary code, exfiltrate sensitive service account credentials, and move laterally within the victim’s environment to compromise other GCP services.
The vulnerability was disclosed by Tenable to Google in January 2024, and by May 2024, Google had rolled out a fix. To address the issue, Google ensured that the affected package is only installed from a private repository. Additionally, it added safeguards like verifying the package’s checksum to confirm its integrity and prevent tampering. The Python Packaging Authority (PyPA) had been aware of the risks posed by the –extra-index-url argument, used during package installations, since 2018 but had not changed its package metadata behavior. Google’s fix now advises developers to use the –index-url argument, which limits package searches to specific repositories, thereby reducing the risk of dependency confusion.
With this patch, Google also recommends that GCP customers leverage Artifact Registry virtual repositories when working with multiple repositories. These changes aim to bolster the security of GCP Composer, ensuring that the platform’s dependency management process is more robust against supply chain attacks, a growing concern in cloud security.
