Photo: Tada Images / Shutterstock.com
A recently patched vulnerability in the Google Cloud Platform (GCP) orchestration tool, CloudImposer, could have exposed users to remote code execution (RCE) attacks. The flaw was discovered earlier this year and has now been addressed by Google following responsible disclosure.
The vulnerability is caused by a supply chain attack technique known as ‘dependency confusion.’ The attack could have allowed malicious actors to hijack software dependencies pre-installed in Google Cloud Composer, a pipeline orchestration tool that manages data workflows.
Dependency confusion exploits a common weakness in package management systems. First documented by researcher Alex Birsan in 2021, this attack manipulates package managers into downloading malicious packages from public repositories instead of legitimate internal ones.
The malicious package often shares the same name as the internal dependency but is given a higher version number, tricking the package manager into installing it.
“Supply chain attacks in the cloud are exponentially more harmful than on-premises. For example, one malicious package in a cloud service can be deployed to – and harm – millions of users,” researchers cautioned.
The CloudImposer flaw leveraged this technique. Attackers could upload a counterfeit package named ‘google-cloud-datacatalog-lineage-producer-client’ to the public Python Package Index (PyPI) repository.
When the Composer initiated a package install command, the system, under specific conditions, prioritised the public repository package, leading to the potential execution of rogue code.
The consequences of such a compromise are significant. Once the malicious package is installed, attackers could execute arbitrary code on composer instances, access sensitive credentials, and potentially move laterally to other Google cloud services, opening doors to widespread cloud infrastructure compromises.
While the Cloud Composer version pinned the package at version 0.1.0, the user of the ‘–extra-index-url’ argument in the pip installation process created the vulnerability. The argument allowed Composer to search for packages in public repositories, increasing the risk of dependency confusion.
Google’s solution now enforces that the vulnerable package is exclusively installed from private repositories, eliminating the risk of confusion. In addition, developers are urged to use the ‘–index-url’ argument, which restricts package fetching to specific repositories.
To bolster security, Google also introduced a checksum verification process, which ensures the integrity of packages and prevents tampering.
The risks associated with the ‘–extra-index-url’ argument have been known since March 2018, according to the Python Packaging Authority (PyPA). Despite this awareness, the vulnerability persisted in certain configurations, particularly within cloud-based orchestration systems like Composer.
As a precaution, Google now advises GCP users to leverage Artifact Registry virtual repositories when multiple sources are required, reducing exposure to public repositories.
In the News: WazirX hack wallet traced to verified Binance account
