In response to this vulnerability, Google has updated the default behavior of Cloud Build to use the Compute Engine default service account mitigating the risk of misuse for new deployments. However, this fix does not apply to existing instances which still face potential security risks. Despite the fix, deploying a Cloud Function continues to trigger the creation of various GCP services necessitating the assignment of minimum, yet relatively broad permissions to the Cloud Build service account thus not eliminating the risk.

This incident underscores the complexity and inter-service communication issues within cloud providers' services that can lead to security vulnerabilities. While the ConfusedFunction vulnerability's severity has been reduced for future deployments the residual risk in existing instances highlights the need for users to remain vigilant and apply stringent security measures. Moreover, it serves as a reminder of the importance of responsible disclosure and prompt patching to safeguard against potential threats.

In related developments, researchers disclosed a medium-severity cross-site scripting (XSS) flaw in the Oracle Integration Cloud Platform resolved by Oracle in its latest Critical Patch Update. Additionally, researchers discovered three vulnerabilities in the ServiceNow cloud computing platform (CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217) which could be combined into an exploit chain to gain full database access and execute arbitrary code. These findings emphasize the ongoing need for robust security practices and continuous monitoring to protect cloud infrastructure from emerging threats.

Impact

• Information Disclosure
• Sensitive Data Theft
• Privilege Escalation
• Unauthorized Access

Affected Vendors

Google

Remediation

• Ensure Cloud Build uses the Compute Engine default service account for new deployments to prevent misuse.
• Regularly audit and minimize permissions for Cloud Build service accounts, granting only the necessary access.
• Check existing Cloud Functions for potential exploitation and apply necessary security updates.
• Use RBAC to tightly control who can create or update Cloud Functions and manage service accounts.
• Use automated tools to continuously monitor and audit cloud environments for excessive permissions and potential misconfigurations.
• Implement continuous monitoring solutions to detect and respond to suspicious activities and anomalies in real time.
• Keep cloud services and applications up-to-date with the latest security patches and updates.
• Provide ongoing training for developers and administrators on secure coding practices and cloud security principles.
• Regularly audit cloud environments and configurations to identify and remediate security vulnerabilities.
• Ensure the latest Critical Patch Update (CPU) from Oracle is applied to mitigate the XSS vulnerability.
• Implement robust input validation and sanitization to prevent XSS and similar injection attacks.
• Continuously monitor applications for signs of XSS exploitation and other security issues.
• Restrict access to sensitive features and data to authorized users only.
• Conduct regular security reviews and penetration testing to identify and address potential vulnerabilities.
• Use WAFs to protect against common web application attacks, including those targeting identified vulnerabilities.