exploitDog

CVE-2018-1197

Опубликовано: 19 мар. 2018

Источник: nvd

CVSS3: 8.5

CVSS2: 6

EPSS Низкий

Описание

In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.

Ссылки

https://www.cloudfoundry.org/blog/cve-2018-1197/
Vendor Advisory
https://www.cloudfoundry.org/blog/cve-2018-1197/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pivotal_software:windows_stemcells:*:*:*:*:*:*:*:*

Версия до 1200.14 (исключая)

EPSS

Процентиль: 53%

0.00302

Низкий

8.5 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-5mjc-xm4w-8h63

CVSS3: 8.5

github

больше 3 лет назад

In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.

EPSS

Процентиль: 53%

0.00302

Низкий

8.5 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-732