A critical security flaw that impacted Google Cloud Platform (GCP) Composer has been patched, preventing remote code execution on cloud servers through a supply chain attack technique known as dependency confusion.
Tenable Research named this vulnerability CloudImposer.
“The flaw could have allowed an attacker to take control of an internal software dependency pre-installed on each Google Cloud Composer pipeline-orchestration tool,” explained security researcher Liv Matan in a report shared with The Hacker News.
Dependency confusion, as documented by security researcher Alex Birsan in February 2021, involves a package manager being tricked into fetching a malicious package from a public repository instead of the intended file from an internal repository.
An attacker could carry out a supply chain attack by uploading a counterfeit package to a public repository with the same name as an internally developed package but with a higher version number.
As a result, the package manager unknowingly downloads the malicious package from the public repository instead of the private repository, replacing the existing package with a rogue version.
The issue identified by Tenable allowed an attacker to upload a malicious package with a specific name to the Python Package Index (PyPI) repository, which would then be preinstalled on all Composer instances with elevated permissions.
Even though Cloud Composer requires a version-pinned package, using the “--extra-index-url” argument during a “pip install” command prioritizes fetching the package from the public registry, facilitating dependency confusion.
With this access, attackers could execute code, steal service account credentials, and navigate to other GCP services within the victim’s environment.
Google fixed the flaw in May 2024 by ensuring the package is installed only from a private repository and verifying its checksum to maintain integrity and prevent tampering.
The Python Packaging Authority recommends using the “--index-url” argument instead of “--extra-index-url” and advises GCP customers to use an Artifact Registry virtual repository for multiple repositories.
“The ‘--index-url’ argument reduces the risk of dependency confusion attacks by only searching for packages in the defined registry value,” Matan added.
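As an added example (not code from Tenable, Google or the original article), the following Python audit flags the conditions described above in a requirements file: any use of `--extra-index-url`, and any requirement that is not both version-pinned and hash-checked. The sample file, index URLs and package names are constructed for illustration.

```python
import re

# Matches the pip option whether written "--extra-index-url URL" or "--extra-index-url=URL".
EXTRA_INDEX = re.compile(r"(?<![\w-])--extra-index-url\b")
# An exact pin: name (optional extras) == version, with no wildcard such as "1.*".
PINNED = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?\s*==\s*[^\s;*]+(?=\s|;|$)")

def audit_requirements(text):
    """Return (rule, logical_line) findings for one requirements file."""
    findings = []
    logical = text.replace("\\\n", " ")  # join backslash-continued lines
    for raw in logical.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line:
            continue
        if EXTRA_INDEX.search(line):
            # A second index means pip considers the public registry too.
            findings.append(("extra-index-url", line))
            continue
        if line.startswith("-"):  # other options, e.g. --index-url
            continue
        if not PINNED.match(line):
            findings.append(("unpinned", line))
        if "--hash=" not in line:
            # A pin without a checksum does not prove which index served the file.
            findings.append(("no-hash", line))
    return findings

FAKE_HASH = "0" * 64  # constructed placeholder digest, not a real package hash
SAMPLE = f"""\
# constructed requirements file for this example
--index-url https://private.example.internal/simple
--extra-index-url https://pypi.org/simple
internal-lib==0.1.1
requests==2.31.0 \\
    --hash=sha256:{FAKE_HASH}
flask>=2.0
"""

if __name__ == "__main__":
    for rule, line in audit_requirements(SAMPLE):
        print(f"{rule:16} {line}")
```

Note that `internal-lib` is flagged even though it is version-pinned: the pin alone does not help while a second index is configured and no checksum is enforced.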