A now-patched essential security flaw impacting Google Cloud Platform (GCP) Composer may have been exploited to attain distant code execution on cloud servers by the use of a provide chain assault approach known as dependency confusion.
The vulnerability has been codenamed CloudImposer by Tenable Analysis.
“The vulnerability may have allowed an attacker to hijack an inside software program dependency that Google pre-installs on every Google Cloud Composer pipeline-orchestration device,” security researcher Liv Matan stated in a report shared with The Hacker Information.
Dependency confusion (aka substitution assault), which was first documented by security researcher Alex Birsan in February 2021, refers to a kind of software program provide chain compromise wherein a package deal supervisor is tricked into pulling a malicious package deal from a public repository as an alternative of the meant file of the identical title from an inside repository.
So, a risk actor may stage a large-scale provide chain assault by publishing a counterfeit package deal to a public package deal repository with the identical title as a package deal internally developed by corporations and with the next model quantity.
This, in flip, causes the package deal supervisor to unknowingly obtain the malicious package deal from the general public repository as an alternative of the personal repository, successfully changing the prevailing package deal dependency with its rogue counterpart.
The issue recognized by Tenable is analogous in that it might be abused to add a malicious package deal to the Python Bundle Index (PyPI) repository with the title “google-cloud-datacatalog-lineage-producer-client,” which may then be preinstalled on all Composer cases with elevated permissions.
Whereas Cloud Composer requires that the package deal in query is version-pinned (i.e., model 0.1.0), Tenable discovered that utilizing the “–extra-index-url” argument throughout a “pip set up” command prioritizes fetching the package deal from the general public registry, thereby opening the door to dependency confusion.
Armed with this privilege, attackers may execute code, exfiltrate service account credentials, and transfer laterally within the sufferer’s atmosphere to different GCP providers.
Following accountable disclosure on January 18, 2024, it was fastened by Google in Could 2024 by making certain that the package deal is barely put in from a non-public repository. It has additionally added the additional precaution of verifying the package deal’s checksum with a purpose to affirm its integrity and validate that it has not been tampered with.
The Python Packaging Authority (PyPA) is claimed to have been conscious of the dangers posed by the “–extra-index-url” argument since at the very least March 2018, urging customers to skip utilizing PyPI in instances the place the inner package deal must be pulled.
“Packages are anticipated to be distinctive as much as title and model, so two wheels with the identical package deal title and model are handled as indistinguishable by pip,” a PyPA member famous on the time. “This can be a deliberate function of the package deal metadata, and never more likely to change.”
Google, as a part of its repair, now additionally recommends that builders use the “–index-url” argument as an alternative of the “–extra-index-url” argument and that GCP clients make use of an Artifact Registry digital repository when requiring a number of repositories.
“The ‘–index-url’ argument reduces the danger of dependency confusion assaults by solely trying to find packages within the registry that was outlined as a given worth for that argument,” Matan stated.
