English
Deutsch
Español
Español – América Latina
Français
Indonesia
Italiano
Português
Português – Brasil
中文 – 简体
中文 – 繁體
日本語
한국어

Contact Us Start free

Security bulletins

The following describes all security bulletins related to Cloud Build.

To get the latest security bulletins delivered to you, do one of the following:

Add the URL of this page to your feed reader .
Add the feed URL directly to your feed reader: https://cloud.google.com/feeds/cloudbuild-security-bulletins.xml

GCP-2023-013

Published:2023-06-08

Description

Description	Severity	Notes
When you enable the Cloud Build API in a project, Cloud Build automatically creates a default service account to execute builds on your behalf. This Cloud Build legacy service account previously had the `logging.privateLogEntries.list` IAM permission, which allowed the build to have access to list private logs by default. This permission has now been revoked from the Cloud Build service account to adhere to the security principle of least privilege . What should I do? No further user action is required. The `logging.privateLogEntries.list` IAM permission has been revoked from the Cloud Build legacy service account and the fix has been rolled out. What vulnerabilities are addressed by this patch? This vulnerability granted builds the permission to list private logs. Since the `logging.privateLogEntries.list` IAM permission has now been revoked from the Cloud Build legacy service account, builds no longer have access to list private logs by default.	Low

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-10-24 UTC.

Design a Mobile Site

View Site in Mobile | Classic

Share by: