Published Tue, Apr 1st, 2025
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions, but without explicit registry access, could deploy new revisions of Cloud Run services that pull private container images stored in the same GCP project. This was possible because Cloud Run uses a service agent that holds the necessary registry read permissions to retrieve those images, regardless of the caller's own access level. By updating a service revision and injecting malicious commands into the container's arguments (e.g., using Netcat for reverse shell access), an attacker could extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's trust model, which did not enforce a separate registry permission check on the deploying identity. Google has since modified this behavior to require that the identity updating the Cloud Run resource also holds an explicit Artifact Registry Reader or Storage Object Viewer role.
Platforms
Cloud Run
No tracked CVEs
Contributed by https://github.com/mer-b
Entry Status
Finalized
Disclosure Date
Mon, Nov 25th, 2024
Exploitability Period
Until 2025/01/25
Known ITW Exploitation
-
Detection Methods
None
Piercing Index Rating
-
Discovered by
Liv Matan, Tenable
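A defensive check for the precondition described in the summary above, added here as an example and not part of the original entry: it scans a project IAM policy (a constructed sample in the JSON shape of `gcloud projects get-iam-policy`) for principals who can update Cloud Run services and act as a service account but hold no Artifact Registry Reader or Storage Object Viewer permission themselves. The role-to-permission map is an assumed partial subset; real roles carry many more permissions.

```python
import json

# Constructed sample policy (not a real project), in the shape returned by
# `gcloud projects get-iam-policy PROJECT --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/run.developer",
   "members": ["user:dev@example.com", "user:ci@example.com"]},
  {"role": "roles/iam.serviceAccountUser",
   "members": ["user:dev@example.com", "user:ci@example.com"]},
  {"role": "roles/artifactregistry.reader",
   "members": ["user:ci@example.com"]},
  {"role": "roles/viewer",
   "members": ["user:auditor@example.com"]}
]}
""")

# Assumed partial role -> permission map, limited to the permissions this check
# needs. In production, resolve roles with `gcloud iam roles describe`.
ROLE_PERMISSIONS = {
    "roles/run.developer": {"run.services.update"},
    "roles/run.admin": {"run.services.update"},
    "roles/iam.serviceAccountUser": {"iam.serviceAccounts.actAs"},
    "roles/artifactregistry.reader": {"artifactregistry.repositories.downloadArtifacts"},
    "roles/storage.objectViewer": {"storage.objects.get"},
}

# Permissions needed to push a new revision, and permissions that grant a direct image read.
DEPLOY_PERMS = {"run.services.update", "iam.serviceAccounts.actAs"}
REGISTRY_READ_PERMS = {"artifactregistry.repositories.downloadArtifacts", "storage.objects.get"}


def permissions_by_member(policy):
    """Union the permissions each member receives through all of its role bindings."""
    perms = {}
    for binding in policy.get("bindings", []):
        role_perms = ROLE_PERMISSIONS.get(binding["role"], set())
        for member in binding.get("members", []):
            perms.setdefault(member, set()).update(role_perms)
    return perms


def find_indirect_image_readers(policy):
    """Members who can deploy revisions but could only pull private images via the
    Cloud Run service agent; after Google's fix, their deploys of such images fail."""
    return sorted(
        member for member, perms in permissions_by_member(policy).items()
        if DEPLOY_PERMS <= perms and not (REGISTRY_READ_PERMS & perms)
    )
```

Principals it reports are the ones to review: either grant them the registry reader role deliberately or confirm they should not be deploying private images at all.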