Tenable, the cloud exposure management company, has identified a privilege escalation vulnerability in Google Cloud Run called ImageRunner. The vulnerability could have allowed attackers to bypass permissions, gain unauthorized access to container images and potentially expose sensitive data.
Cloud Run, Google’s serverless container platform, uses a service agent with elevated permissions to pull private Google Container Registry or Artifact Registry images. According to Tenable researchers, an attacker with edit permissions on Cloud Run could exploit these inherited permissions to retrieve a container image and use it to deploy applications, demonstrating the risks associated with cloud service interdependencies.
ImageRunner exemplifies what Tenable has coined the Jenga® Concept, the tendency for cloud providers to build services on top of one another, thus security risks and weaknesses in one layer cascade into other services.
“In the game of Jenga®, removing a single block can undermine the entire structure,” said Liv Matan, Senior Security Researcher at Tenable. “Cloud services function similarly if one component has risky default settings, those risks can trickle down to dependent services, increasing the risk of security breaches.”
Potential Impact of ImageRunner Exploitation
If exploited, ImageRunner could allow attackers to:
- Inspect private container images, extracting sensitive information or secrets.
- Modify deployment parameters to execute unauthorised code.
- Exfiltrate critical data for cyberespionage or malicious activities.
Recommendations for Security Team
While no user action is required to mitigate ImageRunner, Tenable recommends organisations to:
- Follow the least privilege model to prevent unnecessary permission inheritance.
- Map hidden dependencies between cloud services using tools like Jenganizer.
- Regularly review logs to detect suspicious access patterns.
“The discovery of ImageRunner reinforces the need for proactive cloud security measures. As cloud environments grow more complex, security teams must anticipate and mitigate risks before attackers exploit them,” added Matan.
Tenable® is the exposure management company, exposing and closing the cybersecurity gaps that erode business value, reputation and trust. The company’s AI-powered exposure management platform radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to protect against attacks from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. By protecting enterprises from security exposure, Tenable reduces business risk for approximately 44,000 customers around the globe.
Learn more at tenable.com.
