India, April 23 -- The privilege escalation vulnerability in Google Cloud Composer (GCP) named ConfusedComposer exploits hidden cloud service dependencies.

Tenable, a cloud exposure management company, has uncovered a privilege escalation vulnerability in Google Cloud Composer (GCP) named ConfusedComposer. The vulnerability lets attackers with edit permissions in Cloud Composer escalate privileges and gain access to a high-level service account with broad permissions across GCP.

Cloud Composer uses Cloud Build, a fully managed continuous integration and delivery (CI/CD) service in GCP, to install custom PyPI packages, and it does so with a highly privileged default Cloud Build service account. According to the Tenable Research findings, attackers w...