CVE-2024-9858

There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated withadministrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the action to delete the local user m2cuser. We recommend upgrading to1.2.3 or beyond
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
GoogleCNA
---
---
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
google_cloudmigrate_to_containers
1.2.2 ≤
𝑥
≤ 1.2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cloud.google.com/migrate/containers/docs/m2c-cli-relnotes#october_8_2024