{"id":4111,"date":"2025-04-22T15:13:45","date_gmt":"2025-04-22T15:13:45","guid":{"rendered":"https:\/\/news.cybertechworld.co.in\/index.php\/2025\/04\/22\/gcp-cloud-composer-bug-let-attackers-elevate-access-via-malicious-pypi-packages\/"},"modified":"2025-04-22T15:13:45","modified_gmt":"2025-04-22T15:13:45","slug":"gcp-cloud-composer-bug-let-attackers-elevate-access-via-malicious-pypi-packages","status":"publish","type":"post","link":"https:\/\/news.cybertechworld.co.in\/index.php\/2025\/04\/22\/gcp-cloud-composer-bug-let-attackers-elevate-access-via-malicious-pypi-packages\/","title":{"rendered":"GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages"},"content":{"rendered":"

\u200bCybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that’s based on Apache Airflow.
\n“This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their access to the default Cloud Build service account, which\u00a0Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that’s based on Apache Airflow.
\n“This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their access to the default Cloud Build service account, which\u00a0\u00a0The Hacker News<\/p>","protected":false},"excerpt":{"rendered":"

\u200bCybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that’s based on Apache Airflow. “This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their access to the default Cloud Build service account,… Read More »GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages<\/span><\/a><\/p>\n","protected":false},"author":0,"featured_media":4112,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/posts\/4111"}],"collection":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/comments?post=4111"}],"version-history":[{"count":0,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/posts\/4111\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/media\/4112"}],"wp:attachment":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/media?parent=4111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/categories?post=4111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/tags?post=4111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}