Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by Azure
CVE-2026-42316 (GCVE-0-2026-42316)
Vulnerability from cvelistv5 – Published: 2026-05-11 16:41 – Updated: 2026-05-11 17:27
VLAI
Title
KQL injection via kusto.tables.topics.mapping in kafka-sink-azure-kusto
Summary
kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration. The db, table, mapping, and format fields of each mapping entry were interpolated directly into KQL management/query commands via String.formatted(...) (e.g., FETCH_TABLE_COMMAND.formatted(table) → "<table> | count", FETCH_TABLE_MAPPING_COMMAND.formatted(table, format, mapping) → ".show table <table> ingestion <format> mapping '<mapping>'"). An actor able to influence the connector configuration (for example, someone with permissions to submit or edit Kafka Connect connector configs) could embed KQL metacharacters (;, |, ') to execute arbitrary management commands in the context of the connector's service principal — enabling schema enumeration/modification, ingestion-mapping tampering, or changes to streaming/retention policies on the target Azure Data Explorer database. This is a tampering vulnerability. Exploitation requires privileged access to the connector configuration; no end-user interaction or Kafka record payload is involved. This vulnerability is fixed in 5.2.3.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Azure/kafka-sink-azure-kusto/s… | x_refsource_CONFIRM |
| https://github.com/Azure/kafka-sink-azure-kusto/p… | x_refsource_MISC |
| https://github.com/Azure/kafka-sink-azure-kusto/r… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Azure | kafka-sink-azure-kusto |
Affected:
< 5.2.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-11T17:27:18.333065Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T17:27:23.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kafka-sink-azure-kusto",
"vendor": "Azure",
"versions": [
{
"status": "affected",
"version": "\u003c 5.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration. The db, table, mapping, and format fields of each mapping entry were interpolated directly into KQL management/query commands via String.formatted(...) (e.g., FETCH_TABLE_COMMAND.formatted(table) \u2192 \"\u003ctable\u003e | count\", FETCH_TABLE_MAPPING_COMMAND.formatted(table, format, mapping) \u2192 \".show table \u003ctable\u003e ingestion \u003cformat\u003e mapping \u0027\u003cmapping\u003e\u0027\"). An actor able to influence the connector configuration (for example, someone with permissions to submit or edit Kafka Connect connector configs) could embed KQL metacharacters (;, |, \u0027) to execute arbitrary management commands in the context of the connector\u0027s service principal \u2014 enabling schema enumeration/modification, ingestion-mapping tampering, or changes to streaming/retention policies on the target Azure Data Explorer database. This is a tampering vulnerability. Exploitation requires privileged access to the connector configuration; no end-user interaction or Kafka record payload is involved. This vulnerability is fixed in 5.2.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-943",
"description": "CWE-943: Improper Neutralization of Special Elements in Data Query Logic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T16:41:07.091Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Azure/kafka-sink-azure-kusto/security/advisories/GHSA-c9mr-mqvh-6wgj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Azure/kafka-sink-azure-kusto/security/advisories/GHSA-c9mr-mqvh-6wgj"
},
{
"name": "https://github.com/Azure/kafka-sink-azure-kusto/pull/155",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Azure/kafka-sink-azure-kusto/pull/155"
},
{
"name": "https://github.com/Azure/kafka-sink-azure-kusto/releases/tag/v5.2.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Azure/kafka-sink-azure-kusto/releases/tag/v5.2.3"
}
],
"source": {
"advisory": "GHSA-c9mr-mqvh-6wgj",
"discovery": "UNKNOWN"
},
"title": "KQL injection via kusto.tables.topics.mapping in kafka-sink-azure-kusto"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42316",
"datePublished": "2026-05-11T16:41:07.091Z",
"dateReserved": "2026-04-26T12:37:18.170Z",
"dateUpdated": "2026-05-11T17:27:23.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32952 (GCVE-0-2026-32952)
Vulnerability from cvelistv5 – Published: 2026-04-24 01:46 – Updated: 2026-04-24 16:29
VLAI
Title
go-ntlmssp NTLM challenges can panic on malformed payloads
Summary
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Azure/go-ntlmssp/security/advi… | x_refsource_CONFIRM |
| https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Azure | go-ntlmssp |
Affected:
< 0.1.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T16:29:17.449582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T16:29:28.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "go-ntlmssp",
"vendor": "Azure",
"versions": [
{
"status": "affected",
"version": "\u003c 0.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T01:46:31.573Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj"
},
{
"name": "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1"
}
],
"source": {
"advisory": "GHSA-pjcq-xvwq-hhpj",
"discovery": "UNKNOWN"
},
"title": "go-ntlmssp NTLM challenges can panic on malformed payloads"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32952",
"datePublished": "2026-04-24T01:46:31.573Z",
"dateReserved": "2026-03-17T00:05:53.285Z",
"dateUpdated": "2026-04-24T16:29:28.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-29195 (GCVE-0-2024-29195)
Vulnerability from cvelistv5 – Published: 2024-03-26 02:57 – Updated: 2024-08-04 11:26
VLAI
Title
Azure C SDK Integer Wraparound Vulnerability
Summary
The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service, 2. By passing IoT hub service max message payload limit of 128KB, and 3. Ability to overwrite code space with remote code. Fixed in commit https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2.
Severity
6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Azure/azure-c-shared-utility/s… | x_refsource_CONFIRM |
| https://github.com/Azure/azure-c-shared-utility/c… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Azure | azure-c-shared-utility |
Affected:
< 2024-02-08
|
|
| microsoft | azure_c_shared_utility |
Affected:
0 , < 2024.02.08
(custom)
cpe:2.3:a:microsoft:azure_c_shared_utility:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:55.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Azure/azure-c-shared-utility/security/advisories/GHSA-m8wp-hc7w-x4xg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Azure/azure-c-shared-utility/security/advisories/GHSA-m8wp-hc7w-x4xg"
},
{
"name": "https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:azure_c_shared_utility:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "azure_c_shared_utility",
"vendor": "microsoft",
"versions": [
{
"lessThan": "2024.02.08",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-04T11:18:14.788556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-04T11:26:22.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "azure-c-shared-utility",
"vendor": "Azure",
"versions": [
{
"status": "affected",
"version": "\u003c 2024-02-08"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service, 2. By passing IoT hub service max message payload limit of 128KB, and 3. Ability to overwrite code space with remote code. Fixed in commit https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T02:57:20.769Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Azure/azure-c-shared-utility/security/advisories/GHSA-m8wp-hc7w-x4xg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Azure/azure-c-shared-utility/security/advisories/GHSA-m8wp-hc7w-x4xg"
},
{
"name": "https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2"
}
],
"source": {
"advisory": "GHSA-m8wp-hc7w-x4xg",
"discovery": "UNKNOWN"
},
"title": "Azure C SDK Integer Wraparound Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-29195",
"datePublished": "2024-03-26T02:57:20.769Z",
"dateReserved": "2024-03-18T17:07:00.095Z",
"dateUpdated": "2024-08-04T11:26:22.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27099 (GCVE-0-2024-27099)
Vulnerability from cvelistv5 – Published: 2024-02-27 18:58 – Updated: 2024-08-02 00:27
VLAI
Title
Azure IoT Platform Device SDK Double Free Vulnerability
Summary
The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-415 - Double Free
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Azure/azure-uamqp-c/security/a… | x_refsource_CONFIRM |
| https://github.com/Azure/azure-uamqp-c/commit/2ca… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Azure | azure-uamqp-c |
Affected:
< 2023-2-08
|
|
| microsoft | azure_uamqp |
Affected:
0 , < 2023-2-08
(custom)
cpe:2.3:a:microsoft:azure_uamqp:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:azure_uamqp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "azure_uamqp",
"vendor": "microsoft",
"versions": [
{
"lessThan": "2023-2-08",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-27T20:28:53.390671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T17:59:55.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-6rh4-fj44-v4jj",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-6rh4-fj44-v4jj"
},
{
"name": "https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "azure-uamqp-c",
"vendor": "Azure",
"versions": [
{
"status": "affected",
"version": "\u003c 2023-2-08"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415: Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-27T18:58:26.274Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-6rh4-fj44-v4jj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-6rh4-fj44-v4jj"
},
{
"name": "https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987"
}
],
"source": {
"advisory": "GHSA-6rh4-fj44-v4jj",
"discovery": "UNKNOWN"
},
"title": "Azure IoT Platform Device SDK Double Free Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27099",
"datePublished": "2024-02-27T18:58:26.274Z",
"dateReserved": "2024-02-19T14:43:05.993Z",
"dateUpdated": "2024-08-02T00:27:59.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25110 (GCVE-0-2024-25110)
Vulnerability from cvelistv5 – Published: 2024-02-12 19:58 – Updated: 2024-11-07 19:12
VLAI
Title
Azure IoT Platform Device SDK Remote Code Execution Vulnerability
Summary
The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Azure/azure-uamqp-c/security/a… | x_refsource_CONFIRM |
| https://github.com/Azure/azure-uamqp-c/commit/308… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Azure | azure-uamqp-c |
Affected:
< 2024-01-01
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v"
},
{
"name": "https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25110",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T15:22:35.580632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T19:12:40.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "azure-uamqp-c",
"vendor": "Azure",
"versions": [
{
"status": "affected",
"version": "\u003c 2024-01-01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-12T19:58:36.362Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v"
},
{
"name": "https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695"
}
],
"source": {
"advisory": "GHSA-c646-4whf-r67v",
"discovery": "UNKNOWN"
},
"title": "Azure IoT Platform Device SDK Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25110",
"datePublished": "2024-02-12T19:58:36.362Z",
"dateReserved": "2024-02-05T14:14:46.378Z",
"dateUpdated": "2024-11-07T19:12:40.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21638 (GCVE-0-2024-21638)
Vulnerability from cvelistv5 – Published: 2024-01-10 21:44 – Updated: 2025-06-03 14:27
VLAI
Title
Azure IPAM solution Elevation of Privilege Vulnerability
Summary
Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Azure/ipam/security/advisories… | x_refsource_CONFIRM |
| https://github.com/Azure/ipam/pull/218 | x_refsource_MISC |
| https://github.com/Azure/ipam/commit/64ef2d07edf1… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:35.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Azure/ipam/security/advisories/GHSA-m8mp-jq4c-g8j6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Azure/ipam/security/advisories/GHSA-m8mp-jq4c-g8j6"
},
{
"name": "https://github.com/Azure/ipam/pull/218",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Azure/ipam/pull/218"
},
{
"name": "https://github.com/Azure/ipam/commit/64ef2d07edf16ffa50f29c7e0e25d32d974b367f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Azure/ipam/commit/64ef2d07edf16ffa50f29c7e0e25d32d974b367f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:41:13.322757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:27:29.665Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ipam",
"vendor": "Azure",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers\u0027 Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-10T21:44:23.080Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Azure/ipam/security/advisories/GHSA-m8mp-jq4c-g8j6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Azure/ipam/security/advisories/GHSA-m8mp-jq4c-g8j6"
},
{
"name": "https://github.com/Azure/ipam/pull/218",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Azure/ipam/pull/218"
},
{
"name": "https://github.com/Azure/ipam/commit/64ef2d07edf16ffa50f29c7e0e25d32d974b367f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Azure/ipam/commit/64ef2d07edf16ffa50f29c7e0e25d32d974b367f"
}
],
"source": {
"advisory": "GHSA-m8mp-jq4c-g8j6",
"discovery": "UNKNOWN"
},
"title": "Azure IPAM solution Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-21638",
"datePublished": "2024-01-10T21:44:23.080Z",
"dateReserved": "2023-12-29T03:00:44.957Z",
"dateUpdated": "2025-06-03T14:27:29.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21646 (GCVE-0-2024-21646)
Vulnerability from cvelistv5 – Published: 2024-01-09 00:04 – Updated: 2025-06-16 19:52
VLAI
Title
Azure IoT Platform Device SDK Remote Code Execution Vulnerability
Summary
Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Azure/azure-uamqp-c/security/a… | x_refsource_CONFIRM |
| https://github.com/Azure/azure-uamqp-c/commit/12d… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Azure | azure-uamqp-c |
Affected:
< 2024-01-01
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv"
},
{
"name": "https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T19:52:45.674069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T19:52:58.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "azure-uamqp-c",
"vendor": "Azure",
"versions": [
{
"status": "affected",
"version": "\u003c 2024-01-01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T00:04:53.587Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv"
},
{
"name": "https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe"
}
],
"source": {
"advisory": "GHSA-j29m-p99g-7hpv",
"discovery": "UNKNOWN"
},
"title": "Azure IoT Platform Device SDK Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-21646",
"datePublished": "2024-01-09T00:04:53.587Z",
"dateReserved": "2023-12-29T03:00:44.958Z",
"dateUpdated": "2025-06-16T19:52:58.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23939 (GCVE-0-2023-23939)
Vulnerability from cvelistv5 – Published: 2023-03-06 18:19 – Updated: 2025-02-25 15:00
VLAI
Title
Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
Summary
Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This Kubectl tool installer runs `fs.chmodSync(kubectlPath, 777)` to set permissions on the Kubectl binary, however, this allows any local user to replace the Kubectl binary. This allows privilege escalation to the user that can also run kubectl, most likely root. This attack is only possible if an attacker somehow breached the GitHub actions runner or if a user is utilizing an Action that maliciously executes this attack. This has been fixed and released in all versions `v3` and later. 775 permissions are used instead. Users are advised to upgrade. There are no known workarounds for this issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Azure/setup-kubectl/security/a… | x_refsource_CONFIRM |
| https://github.com/Azure/setup-kubectl/commit/d44… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Azure | setup-kubectl |
Affected:
< 3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:49:07.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Azure/setup-kubectl/security/advisories/GHSA-p756-rfxh-x63h",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Azure/setup-kubectl/security/advisories/GHSA-p756-rfxh-x63h"
},
{
"name": "https://github.com/Azure/setup-kubectl/commit/d449d75495d2b9d1463555bb00ca3dca77a42ab6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Azure/setup-kubectl/commit/d449d75495d2b9d1463555bb00ca3dca77a42ab6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T14:30:16.170469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T15:00:56.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "setup-kubectl",
"vendor": "Azure",
"versions": [
{
"status": "affected",
"version": "\u003c 3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This Kubectl tool installer runs `fs.chmodSync(kubectlPath, 777)` to set permissions on the Kubectl binary, however, this allows any local user to replace the Kubectl binary. This allows privilege escalation to the user that can also run kubectl, most likely root. This attack is only possible if an attacker somehow breached the GitHub actions runner or if a user is utilizing an Action that maliciously executes this attack. This has been fixed and released in all versions `v3` and later. 775 permissions are used instead. Users are advised to upgrade. There are no known workarounds for this issue.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-06T18:19:05.155Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Azure/setup-kubectl/security/advisories/GHSA-p756-rfxh-x63h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Azure/setup-kubectl/security/advisories/GHSA-p756-rfxh-x63h"
},
{
"name": "https://github.com/Azure/setup-kubectl/commit/d449d75495d2b9d1463555bb00ca3dca77a42ab6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Azure/setup-kubectl/commit/d449d75495d2b9d1463555bb00ca3dca77a42ab6"
}
],
"source": {
"advisory": "GHSA-p756-rfxh-x63h",
"discovery": "UNKNOWN"
},
"title": "Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23939",
"datePublished": "2023-03-06T18:19:05.155Z",
"dateReserved": "2023-01-19T21:12:31.361Z",
"dateUpdated": "2025-02-25T15:00:56.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23551 (GCVE-0-2022-23551)
Vulnerability from cvelistv5 – Published: 2022-12-21 19:50 – Updated: 2025-04-15 18:10
VLAI
Title
AAD Pod Identity obtaining token with backslash
Summary
aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request (example: `/metadata/identity\oauth2\token/`) would bypass the NMI validation and be sent to IMDS allowing a pod in the cluster to access identities that it shouldn't have access to. This issue has been fixed and has been included in AAD Pod Identity release version 1.8.13. If using the AKS pod-managed identities add-on, no action is required. The clusters should now be running the version 1.8.13 release.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/Azure/aad-pod-identity/securit… | x_refsource_CONFIRM |
| https://github.com/Azure/aad-pod-identity/commit/… | x_refsource_MISC |
| https://github.com/Azure/aad-pod-identity/release… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Azure | aad-pod-identity |
Affected:
< 1.8.13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:46.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Azure/aad-pod-identity/security/advisories/GHSA-p82q-rxpm-hjpc",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Azure/aad-pod-identity/security/advisories/GHSA-p82q-rxpm-hjpc"
},
{
"name": "https://github.com/Azure/aad-pod-identity/commit/7e01970391bde6c360d077066ca17d059204cb5d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Azure/aad-pod-identity/commit/7e01970391bde6c360d077066ca17d059204cb5d"
},
{
"name": "https://github.com/Azure/aad-pod-identity/releases/tag/v1.8.13",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Azure/aad-pod-identity/releases/tag/v1.8.13"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T18:10:00.841172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T18:10:15.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "aad-pod-identity",
"vendor": "Azure",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request (example: `/metadata/identity\\oauth2\\token/`) would bypass the NMI validation and be sent to IMDS allowing a pod in the cluster to access identities that it shouldn\u0027t have access to. This issue has been fixed and has been included in AAD Pod Identity release version 1.8.13. If using the AKS pod-managed identities add-on, no action is required. The clusters should now be running the version 1.8.13 release."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1259",
"description": "CWE-1259: Improper Restriction of Security Token Assignment",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-21T19:50:15.247Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Azure/aad-pod-identity/security/advisories/GHSA-p82q-rxpm-hjpc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Azure/aad-pod-identity/security/advisories/GHSA-p82q-rxpm-hjpc"
},
{
"name": "https://github.com/Azure/aad-pod-identity/commit/7e01970391bde6c360d077066ca17d059204cb5d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Azure/aad-pod-identity/commit/7e01970391bde6c360d077066ca17d059204cb5d"
},
{
"name": "https://github.com/Azure/aad-pod-identity/releases/tag/v1.8.13",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Azure/aad-pod-identity/releases/tag/v1.8.13"
}
],
"source": {
"advisory": "GHSA-p82q-rxpm-hjpc",
"discovery": "UNKNOWN"
},
"title": "AAD Pod Identity obtaining token with backslash"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23551",
"datePublished": "2022-12-21T19:50:15.247Z",
"dateReserved": "2022-01-19T21:23:53.801Z",
"dateUpdated": "2025-04-15T18:10:15.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39327 (GCVE-0-2022-39327)
Vulnerability from cvelistv5 – Published: 2022-10-25 00:00 – Updated: 2025-04-22 17:17
VLAI
Title
Improper Control of Generation of Code ('Code Injection') in Azure CLI
Summary
Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability.
Severity
8.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:00:44.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Azure/azure-cli/pull/23514"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Azure/azure-cli/pull/24015"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39327",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:40:50.784619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T17:17:26.636Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "azure-cli",
"vendor": "Azure",
"versions": [
{
"status": "affected",
"version": "\u003c 2.40.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `\u0026` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-25T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4"
},
{
"url": "https://github.com/Azure/azure-cli/pull/23514"
},
{
"url": "https://github.com/Azure/azure-cli/pull/24015"
}
],
"source": {
"advisory": "GHSA-47xc-9rr2-q7p4",
"discovery": "UNKNOWN"
},
"title": "Improper Control of Generation of Code (\u0027Code Injection\u0027) in Azure CLI"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-39327",
"datePublished": "2022-10-25T00:00:00.000Z",
"dateReserved": "2022-09-02T00:00:00.000Z",
"dateUpdated": "2025-04-22T17:17:26.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}