A nasty Google Cloud bug could let hackers use it to launch attacks

Cybersecurity researchers from Orca Security have uncovered a new bug in the Google Cloud Build service which could allow threat actors to gain almost full access to Google Artifact Registry code repositories. The repercussions of the flaw, the researchers are saying in their report, are quite dire. 

The researchers named the vulnerability Bad.Build, saying it allows threat actors to impersonate the service account for the Google Cloud Build managed continuous integration and delivery service (CI/CD). This, in turn, lets them run API calls against the artifact registry, effectively seizing control over application images. 

Leave a Reply

Your email address will not be published. Required fields are marked *