Vertex AI SDK: Model upload interception — update to v1.148.0

Colleagues, note: a vulnerability in the Google Vertex AI SDK (Python) allowed interception of model uploads via bucket squatting.
- Unit 42: SDK generated a predictable temporary bucket name from the project ID and region; an attacker could pre-create that bucket.
- Impact: files were written to the attacker’s bucket — the attacker could replace the model; pickle/joblib deserialization executes code in the serving container.
- Conditions: occurs when staging_bucket is unset and no temp bucket exists in the region; attack depends on timing.
- Recommendations: upgrade google-cloud-aiplatform to v1.148.0+ and specify your own staging_bucket.
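One way to enforce the second recommendation before any upload, as an added example (not code from Unit 42, Google or the SDK): a pre-flight check that refuses to proceed unless staging_bucket is set explicitly, resolves to an existing bucket, is owned by your own project number and sits in the expected region. The helper names (require_trusted_staging_bucket, BucketInfo, sample_lookup) and the bucket inventory are constructed for the example; the lookup callable stands in for a real Storage API call.

```python
"""Pre-flight check for Vertex AI model uploads (added example, hypothetical helper)."""
from dataclasses import dataclass
from typing import Callable, Optional


class StagingBucketError(RuntimeError):
    """Raised when the upload would fall back to an unset or untrusted bucket."""


@dataclass(frozen=True)
class BucketInfo:
    """Minimal view of a GCS bucket: name, owning project number and region."""
    name: str
    project_number: str
    location: str


def parse_bucket_name(staging_bucket: str) -> str:
    """Accept 'gs://bucket', 'gs://bucket/prefix' or a bare bucket name."""
    stripped = staging_bucket.strip()
    if stripped.startswith("gs://"):
        stripped = stripped[len("gs://"):]
    name = stripped.split("/", 1)[0]
    if not name:
        raise StagingBucketError("staging_bucket has no bucket name")
    return name


def require_trusted_staging_bucket(
    staging_bucket: Optional[str],
    expected_project_number: str,
    expected_location: str,
    lookup: Callable[[str], Optional[BucketInfo]],
) -> str:
    """Return 'gs://<bucket>' only if the bucket is explicit, exists, is ours and is in-region.

    Rejects (1) an unset staging_bucket, so the SDK never has to derive a temp bucket,
    (2) a name that does not resolve, (3) a bucket owned by another project (the
    bucket-squatting case) and (4) a bucket in the wrong region.
    """
    if not staging_bucket:
        raise StagingBucketError(
            "staging_bucket is unset: set it explicitly instead of relying on an SDK temp bucket"
        )
    name = parse_bucket_name(staging_bucket)
    info = lookup(name)
    if info is None:
        raise StagingBucketError(f"bucket {name!r} does not exist; create it in your own project first")
    if info.project_number != expected_project_number:
        raise StagingBucketError(
            f"bucket {name!r} belongs to project {info.project_number}, not {expected_project_number}"
        )
    if info.location.lower() != expected_location.lower():
        raise StagingBucketError(f"bucket {name!r} is in {info.location}, expected {expected_location}")
    return f"gs://{name}"


# Constructed sample inventory standing in for the Storage API (not real buckets).
SAMPLE_BUCKETS = {
    "ml-staging-prod": BucketInfo("ml-staging-prod", "123456789012", "us-central1"),
    "ml-staging-eu": BucketInfo("ml-staging-eu", "123456789012", "europe-west4"),
    "squatted-temp-bucket": BucketInfo("squatted-temp-bucket", "999999999999", "us-central1"),
}


def sample_lookup(name: str) -> Optional[BucketInfo]:
    """Stand-in for fetching bucket metadata from Cloud Storage."""
    return SAMPLE_BUCKETS.get(name)


def check_upload_targets(candidates, project_number="123456789012", location="us-central1"):
    """Run the check over several candidate settings; map each to its accepted URI or rejection."""
    results = {}
    for cand in candidates:
        try:
            results[cand] = require_trusted_staging_bucket(cand, project_number, location, sample_lookup)
        except StagingBucketError as exc:
            results[cand] = f"REJECTED: {exc}"
    return results


if __name__ == "__main__":
    candidates = [None, "gs://ml-staging-prod/models", "gs://squatted-temp-bucket",
                  "ml-staging-eu", "gs://no-such-bucket"]
    for cand, verdict in check_upload_targets(candidates).items():
        print(f"{cand!r:40} -> {verdict}")
```

In real code the returned URI is what you pass as staging_bucket to aiplatform.init (or to Model.upload) after upgrading to v1.148.0 or later; the lookup would wrap google-cloud-storage's get_bucket and read the bucket's project number and location from the returned object rather than from the constructed table above.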
Why this matters: model tampering can lead to code execution and leakage of tokens/data.
What practices do you use to protect model uploads?
#cybersecurity #cloudsecurity #VertexAI

