CVE-2024-9858 Information

Description

There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local \m2cuser\ was greated with administrator privileges. This posed a security risk if the nalyze\ or \generate\ commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond

Reference

https://cloud.google.com/migrate/containers/docs/m2c-cli-relnotes#october_8_2024