Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service


A patch for the problem was made available in June, but the researchers who found it published a detailed analysis of the vulnerability on Tuesday, explaining that it constituted a threat vector similar to SolarWinds or the more recent 3CX and MOVEit supply chain attacks.

Users can import code from various repositories and cloud storage spaces and conduct builds on Google Cloud according to their specifications using this tool. The “Bad.Build” problem was mostly caused by the permissions granted to the standard service accounts that come with the Cloud Build service.

Read More…