A nasty Google Cloud bug could let hackers use it to launch attacks

Cybersecurity researchers from Orca Security have uncovered a new bug in the Google Cloud Build service which could allow threat actors to gain almost full access to Google Artifact Registry code repositories.

The repercussions of the flaw, the researchers are saying in their report, are quite dire. The researchers named the vulnerability Bad.Build, saying it allows threat actors to impersonate the service account for the Google Cloud Build managed continuous integration and delivery service (CI/CD).

Read more…
Source: Techradar