GCP-2026-042LowDisclosed before NVD
GCP-2026-042 — Published: 2026-06-24Description Description Severity Notes A privilege escalation vulnerability was addressed in Cloud Build.
📋 Description
Published: 2026-06-24Description Description Severity Notes A privilege escalation vulnerability was addressed in Cloud Build. Previously, for GitLab Enterprise and Bitbucket Data Center connections, when Secret Manager secrets were retrieved, permissions were checked against the Cloud Build service agent (P4SA) credentials only. Cloud Build now validates that both the calling principal and the P4SA have the required permissions on the referenced secrets. For instructions and more details, see the Cloud Build security bulletin. Low