Skip to content

fix: add bucket ownership check to pipeline artifacts bucket#6612

Open
instantraaamen wants to merge 2 commits into
googleapis:mainfrom
instantraaamen:fix-pipeline-bucket-squatting
Open

fix: add bucket ownership check to pipeline artifacts bucket#6612
instantraaamen wants to merge 2 commits into
googleapis:mainfrom
instantraaamen:fix-pipeline-bucket-squatting

Conversation

@instantraaamen

@instantraaamen instantraaamen commented Apr 19, 2026

Copy link
Copy Markdown

Description

#6574 added _verify_bucket_ownership() to the staging bucket path in stage_local_data_in_gcs() to prevent bucket squatting (CVE-2026-2473). The pipeline artifacts bucket in the same file was not covered by that fix.

create_gcs_bucket_for_pipeline_artifacts_if_it_does_not_exist() still uses a predictable bucket name ({project}-vertex-pipelines-{location}) and, when the bucket already exists, uses it without verifying ownership. An attacker can pre-create this bucket in their own project and intercept pipeline outputs.

This adds the same _verify_bucket_ownership() check to the pipeline bucket path.

Reproducer

# attacker pre-creates the victim's predictable pipeline bucket
gcloud storage buckets create gs://victim-project-vertex-pipelines-us-central1 \
  --project=attacker-project --location=us-central1

# victim runs a pipeline job — SDK silently uses attacker's bucket
from google.cloud.aiplatform import PipelineJob
job = PipelineJob(display_name="my-pipeline", template_path="pipeline.yaml")
job.submit()  # artifacts written to attacker's bucket

@instantraaamen
fix: add bucket ownership check to pipeline artifacts bucket
5310047 
The staging bucket fix (googleapis#6574) added `_verify_bucket_ownership()` to
prevent bucket squatting, but the pipeline artifacts bucket still uses a
predictable name (`{project}-vertex-pipelines-{location}`) and does not
verify ownership when the bucket already exists.

This adds the same ownership check to
`create_gcs_bucket_for_pipeline_artifacts_if_it_does_not_exist()`.
@instantraaamen instantraaamen requested a review from a team as a code owner April 19, 2026 11:38
@product-auto-label product-auto-label Bot added size: s Pull request size is small. api: vertex-ai Issues related to the googleapis/python-aiplatform API. labels Apr 19, 2026
@matthew29tang matthew29tang self-assigned this Jun 11, 2026
@matthew29tang matthew29tang added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 11, 2026
@yoshi-kokoro yoshi-kokoro removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Jun 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@matthew29tang matthew29tang

Labels

api: vertex-ai Issues related to the googleapis/python-aiplatform API. size: s Pull request size is small.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@instantraaamen @matthew29tang @yoshi-kokoro