Tenable has uncovered a privilege escalation vulnerability in Google Cloud Composer (GCP) named ConfusedComposer. The vulnerability lets attackers with edit permissions in Cloud Composer to escalate privileges and gain access to a high-level service account with broad permissions across GCP. Cloud Composer uses Cloud Build, a fully managed continuous integration and delivery (CI/CD) service.