Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse

Summary: A vulnerability in Google Cloud Platform’s Cloud Run allowed malicious actors to access and inject code into container images. This privilege escalation risk, termed ImageRunner, has been addressed following Google’s responsible disclosure on January 28, 2025. The patch ensures that any user or service account must have explicit permission to access container images before updating or creating Cloud Run resources.

Affected: Google Cloud Platform (GCP) Cloud Run

Key points:

  • The ImageRunner vulnerability permitted attackers to modify Cloud Run services and pull private container images.
  • Attackers could introduce malicious code, enabling data exfiltration and opening reverse shells on victim machines.
  • The patch now requires explicit permissions for access to container images, reducing the risk of such compromise.

Source: https://thehackernews.com/2025/04/google-fixed-cloud-run-vulnerability.html