Such a security issue — which stems from the background creation of a Cloud Build service account and its default connection to a Cloud Build instance following Cloud Function creation or updating — could be leveraged by attackers to infiltrate other Google Cloud services.
Article Link: Significant compromise possible with novel Google Cloud vulnerability | SC Media