#CloudImposer

‘CloudImposer’ Flaw in Google Cloud Affected Millions of Servers

by

September 17, 2024 at 11:33AM Google has patched a vulnerability in its Google Cloud Platform (GCP) that could have led to supply chain attacks on customer cloud servers. Researchers discovered the flaw, dubbed “CloudImposer,” in GCP’s Cloud Composer service, posing a dependency confusion risk. Google addressed the issue by fixing the vulnerable script and updating … Read more

Dependency Confusion Could Have Led to RCE in Google Cloud Platform

by

September 17, 2024 at 09:15AM Tenable revealed details of the CloudImposer attack method, which could have led to remote code execution on Google Cloud Platform (GCP). The attack exploited a Python argument to carry out a dependency confusion attack. After reporting the vulnerability, Google promptly patched the RCE bug and updated its documentation to mitigate … Read more