India, April 2 -- Security Flaw Highlights The Cascading Risks Of Cloud Service Dependencies

Tenable has identified a privilege escalation vulnerability in Google Cloud Run called ImageRunner. The vulnerability could have allowed attackers to bypass permissions, gain unauthorised access to container images and potentially expose sensitive data.

Cloud Run, Google's serverless container platform, uses a service agent with elevated permissions to pull private Google Container Registry or Artifact Registry images. According to Tenable researchers, an attacker with edit permissions on Cloud Run could exploit these inherited permissions to retrieve a container image and use it to deploy applications, demonstrating the risks associated with cl...