CVE-2024-9858

EUVD-2024-50164
There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
google_cloudmigrate_to_containers
1.2.2 ≤
𝑥
≤ 1.2.2
googlemigrate_to_containers
1.1.0 ≤
𝑥
< 1.2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cloud.google.com/migrate/containers/docs/m2c-cli-relnotes#october_8_2024