Monday, May 19, 2025

Google Cloud Composer Flaw Allows Attackers to Gain Elevated Privileges


Tenable researchers disclosed a now-patched high-severity vulnerability in Google Cloud Platform’s (GCP) Cloud Composer service, dubbed ConfusedComposer.

It could have allowed attackers to hijack cloud workflows and gain control over critical resources. The flaw highlights risks in automated cloud service orchestration.

What Is ConfusedComposer?

Cloud Composer, GCP’s managed Apache Airflow service for workflow automation, relies on Cloud Build (GCP’s CI/CD tool) to install custom Python PyPI packages.


Tenable found that an attacker with the composer.environments.update permission could inject a malicious PyPI package into a Composer environment.

When Cloud Build installs such a package with Python’s pip tool, pip automatically runs any pre- or post-installation scripts the package ships.

Attackers could exploit this to execute arbitrary code within the Cloud Build instance tied to the default Cloud Build service account—a highly privileged identity with permissions to:

  • Modify Cloud Build pipelines
  • Access Cloud Storage buckets
  • Manipulate Artifact Registry containers
  • Deploy code across projects

Attack Workflow: From Package Upload to Full Compromise

  1. Injection: Attacker adds a malicious PyPI package to a Composer environment.
  2. Execution: Cloud Build installs the package, triggering embedded scripts.
  3. Token Theft: Scripts query GCP’s metadata server to steal the Cloud Build service account token.
  4. Escalation: Attacker uses the token to impersonate the service account, potentially taking over the entire project.

When Cloud Build installs this package while building the environment, it uses pip.

“This bypassed the need for direct access to Cloud Build or Composer service accounts,” said Tenable researcher Gavin Milnthorpe. “The trusted automation pipeline became the attack vector.”

Google resolved the flaw by reconfiguring Composer to use its own service account (with limited permissions) instead of the default Cloud Build account during PyPI installations. Key actions include:

  • Rolling out patches for new Composer environments as of March 2025.
  • Requiring existing instances to update by April 2025.
  • Updating Composer documentation on access control and dependency management.

ConfusedComposer follows 2024’s ConfusedFunction vulnerability, part of a pattern Tenable calls Jenga®-style attacks.

These exploit hidden permissions in cloud services that automatically provision resources (e.g., serverless functions, CI/CD pipelines).

“Cloud providers abstract complexity, but this creates blind spots,” Milnthorpe noted. “Attackers chain these ‘behind-the-scenes’ services to escalate access.”

Mitigation Recommendations

  • Update Composer: Ensure environments are patched to use the restricted service account.
  • Audit Permissions: Limit composer.environments.update to trusted users.
  • Monitor Cloud Build: Restrict default service account permissions via IAM.
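The two IAM items above (who can update Composer environments, and what the default Cloud Build service account is allowed to do) can be turned into a repeatable check. The following is an added example, not code from the article or from Tenable; the IAM policy, the member names and the role-to-permission map are constructed samples, and only the policy shape and the `@cloudbuild.gserviceaccount.com` naming of the default Cloud Build account match real GCP output.

```python
from typing import Dict, Set

# Constructed sample in the shape of `gcloud projects get-iam-policy PROJECT_ID --format=json`
# (all members made up). 123456789012 stands in for the project number.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/owner", "members": ["user:admin@example.com"]},
        {"role": "roles/composer.admin",
         "members": ["user:dev@example.com", "group:data-eng@example.com"]},
        {"role": "roles/composer.user", "members": ["user:analyst@example.com"]},
        {"role": "roles/editor",
         "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]},
    ]
}

# Constructed role -> permission map, reduced to what this check needs. For a real audit,
# fill it from `gcloud iam roles describe ROLE --format=json` ("includedPermissions").
ROLE_PERMS: Dict[str, Set[str]] = {
    "roles/owner": {"composer.environments.update", "cloudbuild.builds.create"},
    "roles/editor": {"composer.environments.update", "cloudbuild.builds.create"},
    "roles/composer.admin": {"composer.environments.update", "composer.environments.get"},
    "roles/composer.user": {"composer.environments.get"},
}

BROAD_ROLES = {"roles/owner", "roles/editor"}  # project-wide roles a build SA should not hold
DEFAULT_BUILD_SA_SUFFIX = "@cloudbuild.gserviceaccount.com"  # default Cloud Build SA naming


def principals_with_permission(policy: dict, role_perms: Dict[str, Set[str]],
                               permission: str) -> Dict[str, Set[str]]:
    """Map each member whose bound roles grant `permission` to those roles."""
    found: Dict[str, Set[str]] = {}
    for binding in policy.get("bindings", []):
        if permission in role_perms.get(binding["role"], set()):
            for member in binding["members"]:
                found.setdefault(member, set()).add(binding["role"])
    return found


def default_build_sa_with_broad_roles(policy: dict) -> Dict[str, Set[str]]:
    """Flag the default Cloud Build service account if it holds a project-wide role."""
    flagged: Dict[str, Set[str]] = {}
    for binding in policy.get("bindings", []):
        if binding["role"] in BROAD_ROLES:
            for member in binding["members"]:
                if member.endswith(DEFAULT_BUILD_SA_SUFFIX):
                    flagged.setdefault(member, set()).add(binding["role"])
    return flagged
```

Every member returned by `principals_with_permission(..., "composer.environments.update")` is someone who could have triggered the ConfusedComposer path, and a non-empty result from `default_build_sa_with_broad_roles` means a compromised build would land with project-wide rights.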

Google confirmed no active exploits were detected before the patch. However, the flaw underscores the need for rigorous oversight in multi-service cloud environments.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
