Google Cloud Build Vulnerability Enables Data Destruction Across Projects www.vulnu.com/p/google-…
Researchers at Cisco Talos have uncovered a critical vulnerability in Google Cloud Platform’s Cloud Build service that could allow attackers to delete or encrypt data across multiple projects with minimal permissions.
The flaw stems from overly permissive default settings, a common root cause of public cloud vulnerabilities.
In a detailed blog post published today, Talos researchers demonstrated how an attacker with only the ability to create and run Cloud Build jobs could delete entire storage buckets or encrypt objects using customer-provided keys. The attack leverages the default service account permissions granted to Cloud Build, which let a build step execute any gcloud command that service account is authorized to run.
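As an added defender-side example (not code from Talos or Google), the following script flags Cloud Audit Log entries in which a Cloud Build default service account performs a destructive Cloud Storage call, which is how the abuse described above would surface in the logs of an affected project. It assumes audit logs exported as newline-delimited JSON with the standard protoPayload fields, that Data Access logging is enabled for Cloud Storage (object-level calls are not recorded otherwise), and that the method list is an illustrative starting set rather than an exhaustive one.

```python
import json
import re
from typing import Iterable, Optional
# Default Cloud Build service account: PROJECT_NUMBER@cloudbuild.gserviceaccount.com
CLOUD_BUILD_SA = re.compile(r"^(\d+)@cloudbuild\.gserviceaccount\.com$")
# Cloud Storage audit-log methods treated as destructive (assumption: an
# illustrative starting list, not an exhaustive one).
DESTRUCTIVE_METHODS = {
    "storage.buckets.delete",
    "storage.objects.delete",
    "storage.objects.rewrite",  # rewriting an object is how a key change appears
}
def flag_entry(entry: dict) -> Optional[dict]:
    """Return a finding when a Cloud Build default service account makes a
    destructive Cloud Storage call; otherwise return None."""
    payload = entry.get("protoPayload", {})
    principal = payload.get("authenticationInfo", {}).get("principalEmail", "")
    method = payload.get("methodName", "")
    match = CLOUD_BUILD_SA.match(principal)
    if not match or method not in DESTRUCTIVE_METHODS:
        return None
    return {
        "time": entry.get("timestamp", ""),
        "build_project_number": match.group(1),  # whose builds acted
        "logged_in_project": entry.get("resource", {}).get("labels", {}).get("project_id", ""),
        "method": method,
        "resource": payload.get("resourceName", ""),
    }

def scan(lines: Iterable[str]) -> list:
    """Apply flag_entry to newline-delimited JSON audit-log export lines."""
    findings = []
    for line in filter(str.strip, lines):  # skip blank lines
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a malformed line rather than abort the whole scan
        if finding := flag_entry(entry):
            findings.append(finding)
    return findings
# Constructed sample export (not real log data): a benign read and two
# destructive calls by the build account, then a deletion by a human user.
SAMPLE_LOG = """
{"timestamp":"2024-01-01T10:00:00Z","resource":{"labels":{"project_id":"team-a"}},"protoPayload":{"methodName":"storage.objects.get","authenticationInfo":{"principalEmail":"123456789012@cloudbuild.gserviceaccount.com"},"resourceName":"projects/_/buckets/team-a-backups/objects/db.sql"}}
{"timestamp":"2024-01-01T10:01:00Z","resource":{"labels":{"project_id":"team-a"}},"protoPayload":{"methodName":"storage.objects.rewrite","authenticationInfo":{"principalEmail":"123456789012@cloudbuild.gserviceaccount.com"},"resourceName":"projects/_/buckets/team-a-backups/objects/db.sql"}}
{"timestamp":"2024-01-01T10:02:00Z","resource":{"labels":{"project_id":"team-a"}},"protoPayload":{"methodName":"storage.buckets.delete","authenticationInfo":{"principalEmail":"123456789012@cloudbuild.gserviceaccount.com"},"resourceName":"projects/_/buckets/team-a-backups"}}
{"timestamp":"2024-01-01T10:03:00Z","resource":{"labels":{"project_id":"team-a"}},"protoPayload":{"methodName":"storage.objects.delete","authenticationInfo":{"principalEmail":"alice@example.com"},"resourceName":"projects/_/buckets/team-a-backups/objects/old.sql"}}
"""
FINDINGS = scan(SAMPLE_LOG.splitlines())  # the rewrite and the bucket delete
```

In a real deployment the principal check should be extended to any user-specified build service account the organization uses, since pinning builds to a dedicated account is the mitigation and that account then becomes the identity to watch.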