Search criteria
3 vulnerabilities found for migrate_to_containers by google
FKIE_CVE-2024-9858
Vulnerability from fkie_nvd - Published: 2024-10-16 09:15 - Updated: 2025-07-30 19:32
Severity ?
Summary
There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| migrate_to_containers | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:migrate_to_containers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59E1CC0F-79D1-4C58-BDBB-77FB8E057C6F",
"versionEndExcluding": "1.2.3",
"versionStartIncluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local \"m2cuser\" was greated with\u00a0administrator privileges. This posed a security risk if the \"analyze\" or \"generate\" commands were interrupted or skipping the action to delete the local user \u201cm2cuser\u201d. We recommend upgrading to\u00a01.2.3 or beyond"
},
{
"lang": "es",
"value": "Existe un permiso de usuario predeterminado inseguro en las instalaciones de Google Cloud Migrate to Containers desde la versi\u00f3n 1.1.0 a la 1.2.2 de Windows. Se otorgaron privilegios de administrador a un \"m2cuser\" local. Esto representaba un riesgo de seguridad si se interrump\u00edan los comandos \"analyze\" o \"generate\" o se omit\u00eda la acci\u00f3n de eliminar el usuario local \"m2cuser\". Recomendamos actualizar a la versi\u00f3n 1.2.3 o posterior."
}
],
"id": "CVE-2024-9858",
"lastModified": "2025-07-30T19:32:10.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:A/V:D/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"source": "cve-coordination@google.com",
"type": "Secondary"
}
]
},
"published": "2024-10-16T09:15:03.550",
"references": [
{
"source": "cve-coordination@google.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cloud.google.com/migrate/containers/docs/m2c-cli-relnotes#october_8_2024"
}
],
"sourceIdentifier": "cve-coordination@google.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "cve-coordination@google.com",
"type": "Secondary"
}
]
}
CVE-2024-9858 (GCVE-0-2024-9858)
Vulnerability from cvelistv5 – Published: 2024-10-16 08:43 – Updated: 2024-10-16 16:24
VLAI?
Title
Insecure user permissions in Google Cloud Migrate to Containers for Windows
Summary
There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Google Cloud | Migrate to Containers |
Affected:
1.1.0 , ≤ 1.2.2
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:google_cloud:migrate_to_containers:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "migrate_to_containers",
"vendor": "google_cloud",
"versions": [
{
"lessThanOrEqual": "1.2.2",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-9858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T16:19:21.189547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T16:24:16.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Migrate to Containers",
"vendor": "Google Cloud",
"versions": [
{
"lessThanOrEqual": "1.2.2",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-07T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local \"m2cuser\" was greated with\u0026nbsp;administrator privileges. This posed a security risk if the \"analyze\" or \"generate\" commands were interrupted or skipping the action to delete the local user \u201cm2cuser\u201d. We recommend upgrading to\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.2.3 or beyond\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local \"m2cuser\" was greated with\u00a0administrator privileges. This posed a security risk if the \"analyze\" or \"generate\" commands were interrupted or skipping the action to delete the local user \u201cm2cuser\u201d. We recommend upgrading to\u00a01.2.3 or beyond"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/S:P/AU:Y/R:A/V:D/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T08:43:51.015Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://cloud.google.com/migrate/containers/docs/m2c-cli-relnotes#october_8_2024"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insecure user permissions in Google Cloud Migrate to Containers for Windows",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2024-9858",
"datePublished": "2024-10-16T08:43:51.015Z",
"dateReserved": "2024-10-11T11:17:41.006Z",
"dateUpdated": "2024-10-16T16:24:16.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9858 (GCVE-0-2024-9858)
Vulnerability from nvd – Published: 2024-10-16 08:43 – Updated: 2024-10-16 16:24
VLAI?
Title
Insecure user permissions in Google Cloud Migrate to Containers for Windows
Summary
There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond
Severity ?
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Google Cloud | Migrate to Containers |
Affected:
1.1.0 , ≤ 1.2.2
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:google_cloud:migrate_to_containers:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "migrate_to_containers",
"vendor": "google_cloud",
"versions": [
{
"lessThanOrEqual": "1.2.2",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-9858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T16:19:21.189547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T16:24:16.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Migrate to Containers",
"vendor": "Google Cloud",
"versions": [
{
"lessThanOrEqual": "1.2.2",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-07T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local \"m2cuser\" was greated with\u0026nbsp;administrator privileges. This posed a security risk if the \"analyze\" or \"generate\" commands were interrupted or skipping the action to delete the local user \u201cm2cuser\u201d. We recommend upgrading to\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e1.2.3 or beyond\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local \"m2cuser\" was greated with\u00a0administrator privileges. This posed a security risk if the \"analyze\" or \"generate\" commands were interrupted or skipping the action to delete the local user \u201cm2cuser\u201d. We recommend upgrading to\u00a01.2.3 or beyond"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L/S:P/AU:Y/R:A/V:D/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T08:43:51.015Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://cloud.google.com/migrate/containers/docs/m2c-cli-relnotes#october_8_2024"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insecure user permissions in Google Cloud Migrate to Containers for Windows",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2024-9858",
"datePublished": "2024-10-16T08:43:51.015Z",
"dateReserved": "2024-10-11T11:17:41.006Z",
"dateUpdated": "2024-10-16T16:24:16.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}