Windows 2012R2 stemcells
by Cloudfoundry
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1197 | Hig | 0.55 | 8.5 | 0.01 | Mar 19, 2018 | In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials. | ||
| CVE-2018-1276 | Med | 0.42 | 6.5 | 0.01 | May 17, 2018 | Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials. |
- risk 0.55cvss 8.5epss 0.01
In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.
- risk 0.42cvss 6.5epss 0.01
Windows 2012R2 stemcells, versions prior to 1200.17, contain an information exposure vulnerability on vSphere. A remote user with the ability to push apps can execute crafted commands to read the IaaS metadata from the VM, which may contain BOSH credentials.