Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
Summary
A vulnerability in the Google Cloud Vertex AI SDK for Python allowed attackers to hijack machine learning model uploads and execute arbitrary code. Palo Alto Networks discovered the flaw, dubbed 'Pickle in the Middle,' and reported it through Google's bug bounty program; no exploitation in the wild was observed.
IFF Assessment
This vulnerability allows attackers to hijack model uploads and execute code within a victim's cloud infrastructure, posing a significant risk to data and services.
Severity
The CVSS score is estimated to be high because the flaw permits unauthorized code execution within a cloud environment, impacting confidentiality, integrity, and availability, while requiring minimal privileges of an attacker.
Defender Context
This incident highlights the importance of secure software development practices for AI/ML platforms and the need for organizations to promptly patch or update their SDKs. Defenders should be vigilant about potential supply chain attacks targeting ML workflows and ensure robust access controls are in place for cloud services.
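For the bucket-squatting half of this flaw, the control a defender wants is an ownership check before any model artifact is staged: the bucket must exist and belong to the project you expect, otherwise the upload is refused. The Python below is an added example, not code from the Vertex AI SDK, Google, or Palo Alto Networks; the bucket names, project numbers, `fake_lookup` and `fake_uploader` are constructed stand-ins for the real storage metadata and upload calls.

```python
"""Pre-upload guard against bucket squatting for ML artifact staging.

Added example (not Vertex AI SDK code). Before handing a model artifact to
any upload path, confirm the staging bucket exists AND is owned by the
project we expect. A bucket that is missing, or that exists but belongs to
another project, is refused instead of written to.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass(frozen=True)
class BucketInfo:
    """Subset of bucket metadata needed for the ownership check."""
    name: str
    project_number: int  # numeric project that owns the bucket


# A lookup returns the bucket's metadata, or None when no such bucket exists.
BucketLookup = Callable[[str], Optional[BucketInfo]]


class UnsafeStagingBucket(Exception):
    """Raised when the staging bucket is missing or owned by another project."""


def classify_bucket(name: str, expected_project: int, lookup: BucketLookup) -> str:
    """Return 'owned', 'foreign' or 'missing' for the named staging bucket."""
    info = lookup(name)
    if info is None:
        return "missing"  # nobody owns it yet: provision it yourself, explicitly
    if info.project_number != expected_project:
        return "foreign"  # exists but is not ours: a possibly squatted bucket
    return "owned"


def upload_model_guarded(
    artifact: bytes,
    bucket: str,
    expected_project: int,
    lookup: BucketLookup,
    uploader: Callable[[str, bytes], str],
) -> str:
    """Upload only after the bucket is confirmed to belong to expected_project."""
    verdict = classify_bucket(bucket, expected_project, lookup)
    if verdict != "owned":
        raise UnsafeStagingBucket(
            f"refusing to stage model in gs://{bucket}: bucket is {verdict}"
        )
    return uploader(bucket, artifact)


# --- constructed sample data (hypothetical projects and buckets) -------------
OUR_PROJECT = 123456789012
FAKE_REGISTRY: Dict[str, BucketInfo] = {
    "example-ml-staging": BucketInfo("example-ml-staging", OUR_PROJECT),
    "example-default-staging": BucketInfo("example-default-staging", 987654321098),
}


def fake_lookup(name: str) -> Optional[BucketInfo]:
    """Stand-in for a storage metadata call; reads the constructed registry."""
    return FAKE_REGISTRY.get(name)


def fake_uploader(bucket: str, artifact: bytes) -> str:
    """Stand-in for the real upload; returns the object path it would write."""
    return f"gs://{bucket}/model/{len(artifact)}-bytes.pkl"


def demo() -> Dict[str, str]:
    """Run the guard over the owned, foreign and missing cases."""
    results: Dict[str, str] = {}
    for bucket in ("example-ml-staging", "example-default-staging", "example-unclaimed"):
        try:
            results[bucket] = upload_model_guarded(
                b"\x80\x04fake", bucket, OUR_PROJECT, fake_lookup, fake_uploader
            )
        except UnsafeStagingBucket as exc:
            results[bucket] = f"blocked: {exc}"
    return results


if __name__ == "__main__":
    for bucket, outcome in demo().items():
        print(f"{bucket:26} -> {outcome}")
```

In a real pipeline `lookup` wraps the storage client's bucket metadata call and compares the bucket's project number against your own. A `foreign` verdict is worth alerting on, not just blocking, because it means a bucket with the name your tooling expects already exists under someone else's project.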