Privileged Credential Exposure in Windows Stemcells on Google Cloud Platform

Privileged Credential Exposure in Windows Stemcells on Google Cloud Platform

CVE-2018-1197 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.

Learn more about our Cloud Audit.