Vulnerability Details CVE-2018-1197
In Windows Stemcells versions prior to 1200.14, apps running inside containers in Windows on Google Cloud Platform are able to access the metadata endpoint. A malicious developer could use this access to gain privileged credentials.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.5%
CVSS Severity
CVSS v3 Score 8.5
CVSS v2 Score 6.0
References
Products affected by CVE-2018-1197
-
cpe:2.3:a:pivotal_software:windows_stemcells:1056.0
-
cpe:2.3:a:pivotal_software:windows_stemcells:1056.1
-
cpe:2.3:a:pivotal_software:windows_stemcells:1079.0
-
cpe:2.3:a:pivotal_software:windows_stemcells:1200.0
-
cpe:2.3:a:pivotal_software:windows_stemcells:1200.10
-
cpe:2.3:a:pivotal_software:windows_stemcells:1200.11
-
cpe:2.3:a:pivotal_software:windows_stemcells:1200.13
-
cpe:2.3:a:pivotal_software:windows_stemcells:1200.3
-
cpe:2.3:a:pivotal_software:windows_stemcells:1200.4
-
cpe:2.3:a:pivotal_software:windows_stemcells:1200.5
-
cpe:2.3:a:pivotal_software:windows_stemcells:1200.6
-
cpe:2.3:a:pivotal_software:windows_stemcells:1200.7
-
cpe:2.3:a:pivotal_software:windows_stemcells:1200.8