GCP-2026-042LowDisclosed before NVD

GCP-2026-042 — Published: 2026-06-24Description Description Severity Notes A privilege escalation vulnerability was addressed in Cloud Build.

Published
June 24, 2026
Last Modified

📋 Description

Published: 2026-06-24Description Description Severity Notes A privilege escalation vulnerability was addressed in Cloud Build. Previously, for GitLab Enterprise and Bitbucket Data Center connections, when Secret Manager secrets were retrieved, permissions were checked against the Cloud Build service agent (P4SA) credentials only. Cloud Build now validates that both the calling principal and the P4SA have the required permissions on the referenced secrets. For instructions and more details, see the Cloud Build security bulletin. Low

🔗 References (1)