Google Resolves GCP Composer Vulnerability That Could Have Resulted in Remote Code Execution
An already-resolved critical security weakness affecting Google Cloud Platform (GCP) Composer had the potential for enabling remote code execution on cloud servers through a supply chain assault method known as dependency confusion.
The security flaw has been assigned the name CloudImposer by Tenable Research.
“The security flaw could have permitted a malicious actor to take control of an internal software dependency that Google pre-installs on each Google Cloud Composer pipeline-orchestration tool,” said Liv Matan, a security researcher, in a publication shared with The Hacker News.
Dependency confusion (also known as substitution attack), initially detailed by security researcher Alex Birsan in February 2021, describes a form of software supply chain compromise where a package manager is deceived into retrieving a malevolent package from a public repository instead of the desired file of the same name from an internal repository.
Thus, a threat actor could orchestrate a widespread supply chain attack by releasing a forged package to a public package repository with the identical name as a package internally developed by organizations but with a higher version number.
This manipulation leads the package manager to inadvertently fetch the malicious package from the public repository instead of the private one, effectively substituting the existing package dependency with its rebellious counterpart.
The issue highlighted by Tenable is akin in that it could be misused to upload a detrimental package to the Python Package Index (PyPI) repository under the name “google-cloud-datacatalog-lineage-producer-client,” which could then be preinstalled on all Composer instances with elevated privileges.
While Cloud Composer necessitates the package in question to be version-pinned (specifically version 0.1.0), Tenable discovered that utilizing the “–extra-index-url” parameter during a “pip install” command prioritizes retrieving the package from the public registry, thereby creating a vulnerability to dependency confusion.
Empowered with this authorization, attackers could execute code, extract service account credentials, and traverse horizontally within the victim’s environment to other GCP services.
Subsequent to responsible disclosure on January 18, 2024, Google rectified the issue in May 2024 by ensuring the package is solely installed from a private repository. Moreover, it introduced the additional measure of validating the package’s checksum to verify its integrity and ensure it has not been tampered with.
The Python Packaging Authority (PyPA) was reportedly cognizant of the hazards posed by the “–extra-index-url” parameter since at least March 2018, advising users to refrain from using PyPI in scenarios where the internal package needs to be retrieved.
“Packages are anticipated to be distinct up to name and version, hence two wheels with the same package name and version are perceived as indistinguishable by pip,” stated a PyPA member during that period. “This is an intentional attribute of the package metadata and improbable to change.”
As part of the resolution, Google now suggests developers employ the “–index-url” parameter instead of the “–extra-index-url” parameter and advises GCP clients to utilize an Artifact Registry virtual repository when necessitating multiple repositories.
“The ‘–index-url’ parameter diminishes the risk of dependency confusion attacks by purely searching for packages in the registry outlined by a specified value of that argument,” mentioned Matan.
About Author
