ImageRunner Flaw Exposed Sensitive Information in Google Cloud

Summary: Google Cloud has patched a privilege escalation vulnerability known as ImageRunner, which could allow attackers to access sensitive information via its Cloud Run platform. Discovered by Tenable, the issue was communicated to customers in November 2024 and fully addressed by a security enhancement on January 28, 2025. The vulnerability could have enabled unauthorized access to proprietary images and the extraction of sensitive data.

Affected: Google Cloud's Cloud Run platform

Key points:

  • ImageRunner vulnerability allows attackers with certain permissions to modify Cloud Run services.
  • The flaw could enable attackers to access sensitive or proprietary images, potentially extracting secrets.
  • Security enhancements now ensure IAM checks are in place for reading container images during deployments.

Source: https://www.securityweek.com/imagerunner-flaw-exposed-sensitive-information-in-google-cloud/