The Palo Alto Networks report discusses a vulnerability in the Google Cloud Vertex AI SDK for Python, which potentially allows attackers to hijack and poison model uploads via a technique known as 'bucket squatting.' This exploit enables remote code execution (RCE) without the attacker needing access to the victim's project. Key details include:
- The vulnerability arises from predictable bucket naming and a lack of ownership verification in the SDK, allowing attackers to preemptively create buckets that intercept uploads.
- Attackers exploit this condition by replacing legitimate model artifacts with malicious ones during a narrow timing window after a victim uploads a model.
- The report emphasizes the importance of updating to fixed SDK versions (v1.148.0) to eliminate the vulnerability, alongside recommendations for securing AI lifecycle processes.
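The two root causes named above (predictable bucket names and no ownership verification) suggest two defensive controls that any pipeline staging model artifacts in cloud storage can apply: derive bucket names from a random component, and confirm the bucket belongs to your own project before writing to it, then verify the stored artifact's digest after upload. The following is an added example, not code from the report or from the Vertex AI SDK. The bucket-metadata inventory is a constructed in-memory stand-in for a storage API, the naming patterns and the `BucketMeta` field names are assumptions, and the project numbers are sample values.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class BucketMeta:
    """Minimal bucket metadata; field names are assumed, not a real API's."""
    name: str
    project_number: int   # project that owns the bucket


class BucketOwnershipError(Exception):
    """Raised when a bucket we intended to use is owned by another project."""


# Constructed sample inventory standing in for the storage service.
# 123456 is our own project; 999999 is a foreign project that has
# pre-created ("squatted") the name our predictable scheme would derive.
OUR_PROJECT = 123456
SAMPLE_INVENTORY: Dict[str, BucketMeta] = {
    "vertex-staging-123456-us-central1":
        BucketMeta("vertex-staging-123456-us-central1", 999999),
    "ml-artifacts-123456-a8f3c1d2e4b6":
        BucketMeta("ml-artifacts-123456-a8f3c1d2e4b6", 123456),
}


def predictable_staging_name(project_number: int, region: str) -> str:
    """The risky pattern (assumed, for illustration): every component is
    guessable by an outsider, so the name can be registered ahead of time."""
    return f"vertex-staging-{project_number}-{region}"


def unguessable_staging_name(project_number: int,
                             nonce: Optional[str] = None) -> str:
    """Append a random suffix so nobody can pre-create the bucket name."""
    return f"ml-artifacts-{project_number}-{nonce or secrets.token_hex(6)}"


def check_bucket(name: str, expected_project: int,
                 inventory: Dict[str, BucketMeta] = SAMPLE_INVENTORY) -> str:
    """Ownership gate before any upload.

    Returns 'create' if the bucket does not exist yet (we will create it in
    our own project), 'reuse' if it exists and we own it, and raises if any
    other project owns it: that is the squatting case and must never be
    written to."""
    meta = inventory.get(name)
    if meta is None:
        return "create"
    if meta.project_number != expected_project:
        raise BucketOwnershipError(
            f"bucket {name!r} is owned by project {meta.project_number}, "
            f"not {expected_project}; refusing to upload")
    return "reuse"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def artifact_unchanged(local: bytes, remote: bytes) -> bool:
    """Post-upload integrity check: the object read back must match what we
    wrote; a mismatch means it was replaced in the window after upload."""
    return sha256_hex(local) == sha256_hex(remote)


def stage_model(project_number: int, artifact: bytes,
                nonce: Optional[str] = None,
                inventory: Dict[str, BucketMeta] = SAMPLE_INVENTORY) -> dict:
    """Pick an unguessable bucket, verify ownership, 'upload', read back."""
    name = unguessable_staging_name(project_number, nonce)
    action = check_bucket(name, project_number, inventory)
    # Simulated object store: write the artifact, then read it back before
    # registering the model so a swapped object is caught here.
    objects = {f"gs://{name}/model.bin": artifact}
    remote = objects[f"gs://{name}/model.bin"]
    return {"bucket": name, "action": action,
            "digest": sha256_hex(artifact),
            "verified": artifact_unchanged(artifact, remote)}


if __name__ == "__main__":
    try:
        check_bucket(predictable_staging_name(OUR_PROJECT, "us-central1"),
                     OUR_PROJECT)
    except BucketOwnershipError as exc:
        print("blocked:", exc)
    print(stage_model(OUR_PROJECT, b"constructed model weights"))
```

The ownership gate is the important part: it runs before the first byte is written, so a pre-created bucket in someone else's project causes a hard failure instead of a silent upload into attacker-controlled storage. The read-back digest comparison covers the second stage of the described attack, where an artifact is swapped after a successful upload.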