A serious security vulnerability, now fixed, that has interested Google Cloud Platform (GCP) Composer could have been exploited to remotely execute code on cloud servers via a supply chain attack technique called dependency confusion.
The vulnerability has been named CloudImposer from the Tenable research team.
What is the Google Cloud Platform (GCP) vulnerability?
“The vulnerability [di GCP] could have allowed an attacker to hijack an internal software dependency that Google pre-installed on every Google Cloud Composer pipeline orchestration tool,” has declared security researcher Liv Matan in a report.
The dependency confusion (also known as a replacement attack), documented for the first time by cybersecurity researcher Alex Birsan in February 2021, refers to a type of software supply chain compromise in which a package manager is tricked into downloading a malicious package from a public repositoryinstead of the expected file with the same name from an internal repository.
So, a cybercriminal could orchestrate an attack on the supply chain on a large scale publishing a counterfeit package on a public repository with the same name as a package developed internally by companies, but with a higher version number.
This, in turn, causes the package manager discharges unknowingly the malicious package from the public repository instead of the private one, effectively replacing the existing package dependency with its malicious counterpart.
A similar issue to CloudImposer exploits Google Cloud Platform (GCP) to distribute malicious Python packages
The problem identified from Tenable is similar, in that it could be exploited to upload a malicious package to the Python Package Index (PyPI) repository with the name “google-cloud-datacatalog-lineage-producer-client,” which could then be preinstalled on all elevated Composer instances.
While Cloud Composer requires that the package in question be fixed at a specific version (i.e., version 0.1.0), Tenable has discovered that using the “–extra-index-url” argument during a “pip install” command (which are typical Linux commands, usually, but can also be used on PowerShell, after installing Python) gives priority to retrieving the package from the public registry, thus opening the door to dependency confusion.
Endowed with this privilege, Attackers could execute code, exfiltrate service account credentials, and move laterally in the victim’s environment to other GCP services.
The final resolution to the Google Cloud Platform (GCP) problem
Following a responsible disclosure on January 18, 2024, Google fixed the issue in May 2024 by ensuring that the package is only installed from a private repository and also added the additional precaution of verifying the packet’s checksum to confirm its integrity and validate that it has not been tampered with.
The Python Packaging Authority (PyPA) is believed to have been aware of the risks posed by the “–extra-index-url” argument since at least March 2018, urging users to avoid using PyPI in cases where internal packages need to be retrieved.
“Packages must be unique in name and version, so two packages with the same name and version are treated as indistinguishable by pip“, has observed a member of PyPA at the time. “This is a deliberate feature of the package metadata and is not likely to change..”
Google, as part of its fix, now also recommends developers to use the topic “–index-url” instead of “–extra-index-url” and for GCP customers to use a virtual Artifact Registry repository when they need multiple repositories.
“The ‘–index-url’ argument reduces the risk of dependency confusion attacks searching for packages only in the registry defined as the value for that argument,” Matan said.
#GCP #CloudImposer #Vulnerability #Patched #Google