CVE-2018-1197: GCP Metadata Endpoint Accessible from Application Containers on Windows
Severity
High
Vendor
Cloud Foundry Foundation
Affected Cloud Foundry Products and Versions
- Windows Stemcells
- All versions prior to 1200.14
Description
Apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.
Mitigation
Users of affected versions should apply the following mitigations or upgrades:
- Releases that have fixed this issue include:
- Windows Stemcells: 1200.14
Credit
This issue was responsibly reported by the BOSH Windows Team.
History
2018-02-22: Initial vulnerability report published.