A significant security vulnerability, known as 'ImageRunner', was identified in Google Cloud Platform affecting Google Artifact Registry and Google Container Registry. The issue allowed escalated privileges to access private container images, risking data leaks and unauthorized access. Although fixed, the vulnerability could enable attackers to exploit permissions via Cloud Run to extract sensitive information or infiltrate cloud resources. The exploit required specific Cloud Run edit permissions and could be utilized to create a malicious revision to exfiltrate data or compromise the service. Google addressed this by requiring explicit permissions for accessing container images during Cloud Run deployments.
Source: https://cybersecuritynews.com/google-cloud-platform-privilege-escalation-vulnerability/
"id": "goo554040225",
"linkid": "google",
"type": "Vulnerability",
"date": "4/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"