Advisory

ConfusedComposer vulnerability reported in Google Cloud Composer tool

Take action: There is little you can do about this flaw yourself: it was part of the GCP cloud environment and has been fixed. Just be aware of flaws like this so you can judge the quality and patching discipline of your cloud providers.


Learn More

A privilege escalation vulnerability, dubbed "ConfusedComposer," has been discovered in Google Cloud Platform's (GCP) service orchestration process.

This vulnerability affects the interaction between Cloud Composer and Cloud Build services, potentially allowing attackers to gain unauthorized elevated privileges across GCP projects.

The vulnerability stems from how Cloud Composer, a fully managed workflow-orchestration service based on Apache Airflow, interacts with Cloud Build when installing custom PyPI packages:

  • When users specify a custom package, Cloud Composer initiates a build process using the default Cloud Build service account—a highly privileged identity with extensive permissions to various GCP services including Cloud Storage, Artifact Registry, Container Registry, and Cloud Build itself.
  • An attacker with the composer.environments.update permission could exploit this vulnerability by injecting a malicious PyPI package into the victim's Composer custom-package configuration and leveraging Pip's automatic execution of pre- and post-package installation scripts to run arbitrary code.
  • That code can then query the Cloud Build metadata API to extract and exfiltrate the privileged service account token, which can be used to escalate privileges across the victim's GCP project.

The attacker doesn't need direct access to either Composer's service account or Cloud Build's service account—only the ability to update a Composer environment.
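Because the only precondition is a Composer environment update that changes the custom PyPI package list, that event is the thing to watch for. The following is an added example (not part of this advisory or of Google's tooling) that triages Cloud Audit Log entries for such updates and flags unexpected principals or packages outside an allowlist; the audit-log method name, the update-mask path and both allowlists are assumptions, and the sample entries are constructed.

```python
# Assumed method name and update-mask path; check them against your own Composer audit logs.
UPDATE_METHOD = "google.cloud.orchestration.airflow.service.v1.Environments.UpdateEnvironment"
PYPI_MASK = "config.softwareConfig.pypiPackages"
APPROVED_PACKAGES = {"requests", "pandas"}          # hypothetical package allowlist
APPROVED_UPDATERS = {"platform-team@example.com"}   # hypothetical principals allowed to change it


def _entry(principal, mask, pkgs=None):
    """Build a constructed audit-log entry (not a real log) in the assumed shape."""
    req = {"updateMask": mask}
    if pkgs is not None:
        req["environment"] = {"config": {"softwareConfig": {"pypiPackages": pkgs}}}
    return {"protoPayload": {"methodName": UPDATE_METHOD,
                             "authenticationInfo": {"principalEmail": principal},
                             "request": req}}


# Constructed samples: an approved change, a suspicious change, and an unrelated update.
SAMPLE_LOGS = [
    _entry("platform-team@example.com", PYPI_MASK, {"pandas": "==2.2.0"}),
    _entry("contractor@example.com", "config.softwareConfig.envVariables," + PYPI_MASK,
           {"totally-legit-utils": ""}),
    _entry("contractor@example.com", "config.nodeCount"),
]


def pypi_change(entry):
    """Return the requested pypiPackages map if the entry changes custom packages, else None."""
    p = entry.get("protoPayload", {})
    if p.get("methodName") != UPDATE_METHOD:
        return None
    mask = {m.strip() for m in p.get("request", {}).get("updateMask", "").split(",")}
    if PYPI_MASK not in mask:
        return None
    env = p["request"].get("environment", {})
    return env.get("config", {}).get("softwareConfig", {}).get("pypiPackages", {})


def triage(entries):
    """Flag package updates made by unexpected principals or introducing unapproved packages."""
    findings = []
    for entry in entries:
        pkgs = pypi_change(entry)
        if pkgs is None:
            continue
        who = entry["protoPayload"].get("authenticationInfo", {}).get("principalEmail", "unknown")
        reasons = []
        if who not in APPROVED_UPDATERS:
            reasons.append("principal not approved to change custom packages")
        if unapproved := sorted(set(pkgs) - APPROVED_PACKAGES):
            reasons.append("unapproved packages: " + ", ".join(unapproved))
        if reasons:
            findings.append({"principal": who, "packages": sorted(pkgs), "reasons": reasons})
    return findings
```

Feed it the JSON export of your project's Cloud Audit Logs filtered to Composer; each finding names the principal, the package list requested and why it was flagged.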

Google has addressed this vulnerability by changing how Cloud Composer performs PyPI module installations. Cloud Composer now uses the more restricted Composer environment service account for these installations instead of the default Cloud Build service account.

This fix has already been implemented for new Cloud Composer instances, and existing instances are scheduled to receive the update by April 2025.
