CVE-2018-1197

Summary

In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.

Affected Software

VendorProductVersion RangeStatus
Dell EMCWindows StemcellsAll versions prior to 1200.14affected

Weaknesses

  • GCP Metadata Endpoint Accessible from Application Containers on Windows

ADP Enrichment

CVE Program Container

Additional References

References