Vulnerability hunters have struck again. This time they’ve uncovered a significant security flaw in Google Cloud Run, aptly named “ImageRunner.” The vulnerability allowed attackers with certain permissions to access private container images they shouldn’t have been able to see. Talk about a digital peeping Tom situation.
The issue stemmed from improper identity handling within Google’s serverless platform. Attackers with revision edit permissions could exploit Cloud Run’s automated service agents – which operate with elevated permissions – to access proprietary code and sensitive data. These service agents were basically overpowered digital butlers, fetching private images without checking if the requester actually had permission to view them. Oops.
Tenable Research discovered the vulnerability and reported it to Google, which quietly addressed it in January 2025. The fix introduced additional IAM checks to ensure deployers actually have read access to container images before deployment. Revolutionary concept, right? Make sure people can only access what they’re supposed to.
To exploit ImageRunner, attackers needed specific permissions like “run.services.update” and “iam.serviceAccounts.actAs” within a GCP project. Not exactly trivial access, but not impossible either. Once in, they could modify Cloud Run service revisions to point to private container images, completely bypassing normal registry permissions. The security issue affected private images stored in both Google Container Registry and Artifact Registry. The payoff? Access to proprietary application code, secrets, and private data.
The implications were serious. Intellectual property theft. Data exfiltration. Corporate espionage. All because service agents weren’t double-checking their orders. This vulnerability represents exactly the kind of threat that multi-factor authentication could help mitigate by requiring additional verification steps. The update now requires users to have the Artifact Registry Reader IAM role to access any container images.
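As an added example (not from the original article, Google or Tenable), the audit below lists principals who hold both deploy permissions named above but no Artifact Registry read role, which is the combination the fix now blocks. The role-to-permission map is a simplified assumption covering only a few predefined roles, the policy is a constructed sample in the shape of `gcloud projects get-iam-policy --format=json` output, and repository-level bindings, custom roles, groups and IAM conditions are not considered.

```python
import json

# Simplified role-to-permission map (assumption: covers only the predefined
# roles used in the sample; custom roles and group membership are ignored).
ROLE_PERMS = {
    "roles/run.admin": {"run.services.update"},
    "roles/run.developer": {"run.services.update"},
    "roles/iam.serviceAccountUser": {"iam.serviceAccounts.actAs"},
}
# Predefined roles that include read access to Artifact Registry images.
IMAGE_READ_ROLES = {
    "roles/artifactregistry.reader",
    "roles/artifactregistry.writer",
    "roles/artifactregistry.repoAdmin",
    "roles/artifactregistry.admin",
}
NEEDED = {"run.services.update", "iam.serviceAccounts.actAs"}

# Constructed sample policy; members and bindings are illustrative only.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/run.developer",
   "members": ["user:alice@example.com", "user:bob@example.com"]},
  {"role": "roles/iam.serviceAccountUser",
   "members": ["user:alice@example.com", "user:bob@example.com",
               "user:carol@example.com"]},
  {"role": "roles/artifactregistry.reader", "members": ["user:bob@example.com"]},
  {"role": "roles/run.admin", "members": ["user:dave@example.com"]}
]}
""")

def deployers_without_image_read(policy):
    """Return members holding both deploy permissions but no image-read role."""
    perms, readers = {}, set()
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            perms.setdefault(member, set()).update(ROLE_PERMS.get(role, set()))
            if role in IMAGE_READ_ROLES:
                readers.add(member)
    return sorted(m for m, p in perms.items() if NEEDED <= p and m not in readers)

if __name__ == "__main__":
    for member in deployers_without_image_read(SAMPLE_POLICY):
        print("deploy rights without image read access:", member)
```

Principals flagged here are the ones whose deployments of private images will now be rejected, and the ones worth reviewing for whether their deploy rights are still needed.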
Google claims developers need no additional action post-update. That’s nice. But the incident highlights bigger issues in cloud security. Reliance on automated agents with elevated permissions creates obvious risks. Without regular security audits, these flaws can go undetected.
Cloud Run customers received communication about the issue back in November 2024, giving them time to prepare before the public disclosure. At least Google was proactive there.
The lesson? Cloud architectures need stringent identity management. Period. Even tech giants make mistakes. And in cloud computing, those mistakes can leave your precious containers exposed to prying eyes. Not exactly the type of transparency businesses are looking for.