Insecure Default User Permission in Google Cloud Migrate
CVE-2024-9858

Currently unrated

Key Information:

Vendor: Google Cloud
Vendor: CVE Published:; 16 October 2024

🔔 Create Google Cloud Vulnerability Alert

What is CVE-2024-9858?

There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond

References

https://cloud.google.com/migrate/containers/docs/m2c-cli-...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2024