PT-2018-10928 · Microsoft · Windows Stemcells

Published

2018-03-19

Updated

2019-10-03

CVE-2018-1197

CVSS v3.1

8.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Windows Stemcells versions prior to 1200.14

Description The issue allows apps running inside containers in Windows on Google Cloud Platform to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.

Recommendations For Windows Stemcells versions prior to 1200.14, update to version 1200.14 or later to resolve the issue.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2018-1197

Affected Products

Windows Stemcells

PT-2018-10928 · Microsoft · Windows Stemcells

CVE-2018-1197

Weakness Enumeration

Related Identifiers

Affected Products

References · 3