Google fixes Cloud Composer privilege escalation vulnerability

Tenable Uncovers Privilege Escalation Vulnerability in Google Cloud

Tenable, the cloud exposure management company, has uncovered a privilege escalation vulnerability in Google Cloud Composer (GCP) named ConfusedComposer. The vulnerability lets attackers with edit permissions in Cloud Composer to escalate privileges and gain access to a high-level service account with broad permissions across GCP. Cloud Composer uses Cloud Build, a fully managed continuous integration and delivery (CI/CD) service in GCP, to inst…

Tenable reveals privilege risk in Google Cloud Composer flaw

Tenable Research revealed a privilege escalation flaw in Google Cloud Composer, risking unauthorised access to key cloud resources before Google's fix.

Tenable uncovers privilege escalation vulnerability in Google Cloud - Express Computer

Tenable has uncovered a privilege escalation vulnerability in Google Cloud Composer (GCP) named ConfusedComposer. The vulnerability lets attackers with edit permissions in Cloud Composer to escalate privileges and gain access to a high-level service account with broad permissions across GCP. The post Tenable uncovers privilege escalation vulnerability in Google Cloud appeared first on Express Computer.

Tenable Research Exposes ConfusedComposer, A Privilege Escalation Vulnerability in Google Cloud Platform

ConfusedComposer Exploits Hidden Cloud Service Dependencies Tenable, the cloud exposure management company, has uncovered a privilege escalation vulnerability in Google Cloud Composer (GCP) named ConfusedComposer. The vulnerability lets attackers with…

Tenable uncovers privilege escalation vulnerability in Google Cloud - CRN

Tenable, the cloud exposure management company, has uncovered a privilege escalation vulnerability in Google Cloud Composer (GCP) named ConfusedComposer. The vulnerability lets attackers with edit permissions in Cloud Composer to […] The post Tenable uncovers privilege escalation vulnerability in Google Cloud appeared first on CRN

Google Cloud Composer Flaw Allows Attackers to Gain Elevated Privileges

Research disclosed a now-patched high-severity vulnerability in Google Cloud Platform’s (GCP) Cloud Composer service, dubbed ConfusedComposer. It could have allowed attackers to hijack cloud workflows and gain control over critical resources. The flaw highlights risks in automated cloud service orchestration. What Is ConfusedComposer? Cloud Composer, GCP’s managed Apache Airflow service for workflow automation, relies on Cloud […] The post Googl…