Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-20679 (GCVE-0-2024-20679)
Vulnerability from cvelistv5 – Published: 2024-02-13 18:02 – Updated: 2025-05-03 01:37
VLAI
EPSS
Title
Azure Stack Hub Spoofing Vulnerability
Summary
Azure Stack Hub Spoofing Vulnerability
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure Stack Hub |
Affected:
1.0.0 , < 1.2311.1.22
(custom)
|
Date Public
2024-02-13 08:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T16:32:30.868468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T19:39:27.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Azure Stack Hub Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Stack Hub",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.2311.1.22",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2311.1.22",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-02-13T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure Stack Hub Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T01:37:24.701Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Stack Hub Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679"
}
],
"title": "Azure Stack Hub Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-20679",
"datePublished": "2024-02-13T18:02:26.447Z",
"dateReserved": "2023-11-28T22:58:12.117Z",
"dateUpdated": "2025-05-03T01:37:24.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-20679",
"date": "2026-05-28",
"epss": "0.00534",
"percentile": "0.67663"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.2311.1.22\", \"matchCriteriaId\": \"4DEE9E34-FE45-43E2-BB61-075F9B9DF83D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Azure Stack Hub Spoofing Vulnerability\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de suplantaci\\u00f3n de identidad en Azure Stack Hub\"}]",
"id": "CVE-2024-20679",
"lastModified": "2024-11-21T08:52:54.410",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
"published": "2024-02-13T18:15:47.723",
"references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-20679\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2024-02-13T18:15:47.723\",\"lastModified\":\"2024-11-21T08:52:54.410\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Azure Stack Hub Spoofing Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de suplantaci\u00f3n de identidad en Azure Stack Hub\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2311.1.22\",\"matchCriteriaId\":\"4DEE9E34-FE45-43E2-BB61-075F9B9DF83D\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679\", \"name\": \"Azure Stack Hub Spoofing Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:59:42.380Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-20679\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-14T16:32:30.868468Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-25T19:39:23.788Z\"}}], \"cna\": {\"title\": \"Azure Stack Hub Spoofing Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Azure Stack Hub\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"1.2311.1.22\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}], \"datePublic\": \"2024-02-13T08:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679\", \"name\": \"Azure Stack Hub Spoofing Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Azure Stack Hub Spoofing Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"1.2311.1.22\", \"versionStartIncluding\": \"1.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-05-03T01:37:24.701Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-20679\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-03T01:37:24.701Z\", \"dateReserved\": \"2023-11-28T22:58:12.117Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2024-02-13T18:02:26.447Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2024-AVI-0130
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges, une exécution de code arbitraire à distance et une usurpation d'identité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure | Azure Connected Machine Agent | ||
| Microsoft | Azure | Azure File Sync v16.0 | ||
| Microsoft | Azure | Azure File Sync v14.0 | ||
| Microsoft | Azure | Microsoft Azure Active Directory B2C | ||
| Microsoft | Azure | Azure Kubernetes Service Confidential Containers | ||
| Microsoft | Azure | Azure File Sync v17.0 | ||
| Microsoft | Azure | Azure DevOps Server 2022.1 | ||
| Microsoft | Azure | Azure DevOps Server 2020.1.2 | ||
| Microsoft | Azure | Azure DevOps Server 2019.1.2 | ||
| Microsoft | Azure | Azure Stack Hub | ||
| Microsoft | Azure | Azure File Sync v15.0 | ||
| Microsoft | Azure | Azure Site Recovery |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Connected Machine Agent",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v16.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v14.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Azure Active Directory B2C",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Kubernetes Service Confidential Containers",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v17.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2022.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2020.1.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019.1.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack Hub",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v15.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Site Recovery",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-21329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21329"
},
{
"name": "CVE-2024-20667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20667"
},
{
"name": "CVE-2024-21364",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21364"
},
{
"name": "CVE-2024-21376",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21376"
},
{
"name": "CVE-2024-21381",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21381"
},
{
"name": "CVE-2024-21403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21403"
},
{
"name": "CVE-2024-20679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20679"
},
{
"name": "CVE-2024-21397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21397"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21381 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21381"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20667 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20667"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21403 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21403"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21329 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21329"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21376 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21376"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20679 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21364 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21364"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21397 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21397"
}
],
"reference": "CERTFR-2024-AVI-0130",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Azure\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une ex\u00e9cution de code\narbitraire \u00e0 distance et une usurpation d\u0027identit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2024-AVI-0130
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges, une exécution de code arbitraire à distance et une usurpation d'identité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure | Azure Connected Machine Agent | ||
| Microsoft | Azure | Azure File Sync v16.0 | ||
| Microsoft | Azure | Azure File Sync v14.0 | ||
| Microsoft | Azure | Microsoft Azure Active Directory B2C | ||
| Microsoft | Azure | Azure Kubernetes Service Confidential Containers | ||
| Microsoft | Azure | Azure File Sync v17.0 | ||
| Microsoft | Azure | Azure DevOps Server 2022.1 | ||
| Microsoft | Azure | Azure DevOps Server 2020.1.2 | ||
| Microsoft | Azure | Azure DevOps Server 2019.1.2 | ||
| Microsoft | Azure | Azure Stack Hub | ||
| Microsoft | Azure | Azure File Sync v15.0 | ||
| Microsoft | Azure | Azure Site Recovery |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Connected Machine Agent",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v16.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v14.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Azure Active Directory B2C",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Kubernetes Service Confidential Containers",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v17.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2022.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2020.1.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019.1.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack Hub",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v15.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Site Recovery",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-21329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21329"
},
{
"name": "CVE-2024-20667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20667"
},
{
"name": "CVE-2024-21364",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21364"
},
{
"name": "CVE-2024-21376",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21376"
},
{
"name": "CVE-2024-21381",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21381"
},
{
"name": "CVE-2024-21403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21403"
},
{
"name": "CVE-2024-20679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20679"
},
{
"name": "CVE-2024-21397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21397"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21381 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21381"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20667 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20667"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21403 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21403"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21329 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21329"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21376 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21376"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20679 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21364 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21364"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21397 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21397"
}
],
"reference": "CERTFR-2024-AVI-0130",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Azure\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une ex\u00e9cution de code\narbitraire \u00e0 distance et une usurpation d\u0027identit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
BDU:2024-01351
Vulnerability from fstec - Published: 13.02.2024
VLAI
Title
Уязвимость интегрированной системы гибридных облачных вычислений Azure Stack Hub, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю проводить спуфинг атаки
Description
Уязвимость интегрированной системы гибридных облачных вычислений Azure Stack Hub связана с ошибками представления информации пользовательским интерфейсом. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, проводить спуфинг атаки
Severity
Vendor
Microsoft Corp
Software Name
Azure Stack Hub
Software Version
- (Azure Stack Hub)
Possible Mitigations
Использование рекомендаций:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679
Reference
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679
https://www.cybersecurity-help.cz/vdb/SB2024021376
CWE
CWE-451
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Azure Stack Hub)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.02.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.02.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.02.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-01351",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-20679",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Azure Stack Hub",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0433\u0438\u0431\u0440\u0438\u0434\u043d\u044b\u0445 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0432\u044b\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u0439 Azure Stack Hub, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433 \u0430\u0442\u0430\u043a\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "UI \u041b\u043e\u0436\u043d\u043e\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c. (CWE-451)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0433\u0438\u0431\u0440\u0438\u0434\u043d\u044b\u0445 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0432\u044b\u0447\u0438\u0441\u043b\u0435\u043d\u0438\u0439 Azure Stack Hub \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433 \u0430\u0442\u0430\u043a\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679\nhttps://www.cybersecurity-help.cz/vdb/SB2024021376",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-451",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}
FKIE_CVE-2024-20679
Vulnerability from fkie_nvd - Published: 2024-02-13 18:15 - Updated: 2024-11-21 08:52
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
Azure Stack Hub Spoofing Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | azure_stack_hub | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEE9E34-FE45-43E2-BB61-075F9B9DF83D",
"versionEndExcluding": "1.2311.1.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Azure Stack Hub Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad en Azure Stack Hub"
}
],
"id": "CVE-2024-20679",
"lastModified": "2024-11-21T08:52:54.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-13T18:15:47.723",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-CX6W-8XMJ-8G7F
Vulnerability from github – Published: 2024-02-13 18:38 – Updated: 2024-02-13 18:38
VLAI
{
"affected": [],
"aliases": [
"CVE-2024-20679"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-13T18:15:47Z",
"severity": "MODERATE"
},
"details": "Azure Stack Hub Spoofing Vulnerability",
"id": "GHSA-cx6w-8xmj-8g7f",
"modified": "2024-02-13T18:38:23Z",
"published": "2024-02-13T18:38:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20679"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2024-20679
Vulnerability from gsd - Updated: 2023-12-13 01:21{
"GSD": {
"alias": "CVE-2024-20679",
"id": "GSD-2024-20679"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-20679"
],
"details": "Azure Stack Hub Spoofing Vulnerability",
"id": "GSD-2024-20679",
"modified": "2023-12-13T01:21:42.834535Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2024-20679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure Stack Hub",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.0.0",
"version_value": "1.2311.1.22"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Azure Stack Hub Spoofing Vulnerability"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-79",
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679",
"refsource": "MISC",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_stack_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DEE9E34-FE45-43E2-BB61-075F9B9DF83D",
"versionEndExcluding": "1.2311.1.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Azure Stack Hub Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad en Azure Stack Hub"
}
],
"id": "CVE-2024-20679",
"lastModified": "2024-04-11T20:15:13.820",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-02-13T18:15:47.723",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
}
}
}
MSRC_CVE-2024-20679
Vulnerability from csaf_microsoft - Published: 2024-02-13 08:00 - Updated: 2024-02-13 08:00Summary
Azure Stack Hub Spoofing Vulnerability
Severity
Important
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.
CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Azure Stack Hub 1.2311.1.22
Azure Stack Hub
|
1.2311.1.22 |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Azure Stack Hub <1.2311.1.22
Azure Stack Hub
|
<1.2311.1.22 |
Vendor Fix
fix
|
Threats
Impact
Spoofing
Exploit Status
Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
References
7 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/csaf/advisories/2024/m… | self |
| https://www.microsoft.com/en-us/msrc/exploitabili… | external |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/csaf/advisories/2024/m… | self |
Acknowledgments
Felix Boulet with Centre gouvernemental de cyberdéfense (CGCD)
{
"document": {
"acknowledgments": [
{
"names": [
"Felix Boulet with Centre gouvernemental de cyberd\u0026#233;fense (CGCD)"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-20679 Azure Stack Hub Spoofing Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679"
},
{
"category": "self",
"summary": "CVE-2024-20679 Azure Stack Hub Spoofing Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2024/msrc_cve-2024-20679.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Azure Stack Hub Spoofing Vulnerability",
"tracking": {
"current_release_date": "2024-02-13T08:00:00.000Z",
"generator": {
"date": "2025-05-03T01:36:59.796Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-20679",
"initial_release_date": "2024-02-13T08:00:00.000Z",
"revision_history": [
{
"date": "2024-02-13T08:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.2311.1.22",
"product": {
"name": "Azure Stack Hub \u003c1.2311.1.22",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "1.2311.1.22",
"product": {
"name": "Azure Stack Hub 1.2311.1.22",
"product_id": "11950"
}
}
],
"category": "product_name",
"name": "Azure Stack Hub"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-20679",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "The user would have to click on a specially crafted URL to be compromised by the attacker.",
"title": "According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?"
}
],
"product_status": {
"fixed": [
"11950"
],
"known_affected": [
"1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-20679 Azure Stack Hub Spoofing Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679"
},
{
"category": "self",
"summary": "CVE-2024-20679 Azure Stack Hub Spoofing Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2024/msrc_cve-2024-20679.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2024-02-13T08:00:00.000Z",
"details": "1.2311.1.22:Security Update:https://learn.microsoft.com/en-us/azure-stack/operator/relnotearchive/release-notes?view=azs-2102",
"product_ids": [
"1"
],
"url": "https://learn.microsoft.com/en-us/azure-stack/operator/relnotearchive/release-notes?view=azs-2102"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Spoofing"
},
{
"category": "exploit_status",
"details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
}
],
"title": "Azure Stack Hub Spoofing Vulnerability"
}
]
}
WID-SEC-W-2024-0362
Vulnerability from csaf_certbund - Published: 2024-02-13 23:00 - Updated: 2024-02-13 23:00Summary
Microsoft Azure: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Azure ist eine Cloud Computing-Plattform von Microsoft.
Microsoft Azure DevOps Server ist eine Plattform für kollaborative Softwareprojekte.
Azure Stack ist ein Microsoft-Produkt aus der Azure-Familie. Mit Azure Stack können die Public-Cloud-Services von Microsoft auch im eigenen Rechenzentrum betrieben werden.
Angriff: Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Microsoft Azure ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen und Daten falsch darzustellen.
Betroffene Betriebssysteme: - Windows
Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen gehören eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausführung eines Skripts, um über das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher Gäste und Container über den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und Informationen zu verfälschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Site Recovery
Microsoft / Azure
|
cpe:/a:microsoft:azure:site_recovery
|
Site Recovery | |
|
Microsoft Azure Stack Hub
Microsoft / Azure Stack
|
cpe:/a:microsoft:azure_stack:hub
|
Hub | |
|
Microsoft Azure Kubernetes Service Confidential Containers
Microsoft / Azure
|
cpe:/a:microsoft:azure:kubernetes_service_confidential_containers
|
Kubernetes Service Confidential Containers | |
|
Microsoft Azure DevOps Server 2022.1
Microsoft / Azure DevOps Server
|
cpe:/o:microsoft:azure_devops_server:2022.1
|
2022.1 | |
|
Microsoft Azure Active Directory B2C
Microsoft / Azure
|
cpe:/a:microsoft:azure:active_directory_b2c
|
Active Directory B2C | |
|
Microsoft Azure Connected Machine Agent
Microsoft / Azure
|
cpe:/a:microsoft:azure:connected_machine_agent
|
Connected Machine Agent | |
|
Microsoft Azure File Sync v16.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v16.0
|
File Sync v16.0 | |
|
Microsoft Azure File Sync v17.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v17.0
|
File Sync v17.0 | |
|
Microsoft Azure File Sync v14.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v14.0
|
File Sync v14.0 | |
|
Microsoft Azure File Sync v15.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v15.0
|
File Sync v15.0 |
Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen gehören eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausführung eines Skripts, um über das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher Gäste und Container über den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und Informationen zu verfälschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Site Recovery
Microsoft / Azure
|
cpe:/a:microsoft:azure:site_recovery
|
Site Recovery | |
|
Microsoft Azure Stack Hub
Microsoft / Azure Stack
|
cpe:/a:microsoft:azure_stack:hub
|
Hub | |
|
Microsoft Azure Kubernetes Service Confidential Containers
Microsoft / Azure
|
cpe:/a:microsoft:azure:kubernetes_service_confidential_containers
|
Kubernetes Service Confidential Containers | |
|
Microsoft Azure DevOps Server 2022.1
Microsoft / Azure DevOps Server
|
cpe:/o:microsoft:azure_devops_server:2022.1
|
2022.1 | |
|
Microsoft Azure Active Directory B2C
Microsoft / Azure
|
cpe:/a:microsoft:azure:active_directory_b2c
|
Active Directory B2C | |
|
Microsoft Azure Connected Machine Agent
Microsoft / Azure
|
cpe:/a:microsoft:azure:connected_machine_agent
|
Connected Machine Agent | |
|
Microsoft Azure File Sync v16.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v16.0
|
File Sync v16.0 | |
|
Microsoft Azure File Sync v17.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v17.0
|
File Sync v17.0 | |
|
Microsoft Azure File Sync v14.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v14.0
|
File Sync v14.0 | |
|
Microsoft Azure File Sync v15.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v15.0
|
File Sync v15.0 |
Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen gehören eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausführung eines Skripts, um über das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher Gäste und Container über den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und Informationen zu verfälschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Site Recovery
Microsoft / Azure
|
cpe:/a:microsoft:azure:site_recovery
|
Site Recovery | |
|
Microsoft Azure Stack Hub
Microsoft / Azure Stack
|
cpe:/a:microsoft:azure_stack:hub
|
Hub | |
|
Microsoft Azure Kubernetes Service Confidential Containers
Microsoft / Azure
|
cpe:/a:microsoft:azure:kubernetes_service_confidential_containers
|
Kubernetes Service Confidential Containers | |
|
Microsoft Azure DevOps Server 2022.1
Microsoft / Azure DevOps Server
|
cpe:/o:microsoft:azure_devops_server:2022.1
|
2022.1 | |
|
Microsoft Azure Active Directory B2C
Microsoft / Azure
|
cpe:/a:microsoft:azure:active_directory_b2c
|
Active Directory B2C | |
|
Microsoft Azure Connected Machine Agent
Microsoft / Azure
|
cpe:/a:microsoft:azure:connected_machine_agent
|
Connected Machine Agent | |
|
Microsoft Azure File Sync v16.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v16.0
|
File Sync v16.0 | |
|
Microsoft Azure File Sync v17.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v17.0
|
File Sync v17.0 | |
|
Microsoft Azure File Sync v14.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v14.0
|
File Sync v14.0 | |
|
Microsoft Azure File Sync v15.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v15.0
|
File Sync v15.0 |
Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen gehören eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausführung eines Skripts, um über das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher Gäste und Container über den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und Informationen zu verfälschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Site Recovery
Microsoft / Azure
|
cpe:/a:microsoft:azure:site_recovery
|
Site Recovery | |
|
Microsoft Azure Stack Hub
Microsoft / Azure Stack
|
cpe:/a:microsoft:azure_stack:hub
|
Hub | |
|
Microsoft Azure Kubernetes Service Confidential Containers
Microsoft / Azure
|
cpe:/a:microsoft:azure:kubernetes_service_confidential_containers
|
Kubernetes Service Confidential Containers | |
|
Microsoft Azure DevOps Server 2022.1
Microsoft / Azure DevOps Server
|
cpe:/o:microsoft:azure_devops_server:2022.1
|
2022.1 | |
|
Microsoft Azure Active Directory B2C
Microsoft / Azure
|
cpe:/a:microsoft:azure:active_directory_b2c
|
Active Directory B2C | |
|
Microsoft Azure Connected Machine Agent
Microsoft / Azure
|
cpe:/a:microsoft:azure:connected_machine_agent
|
Connected Machine Agent | |
|
Microsoft Azure File Sync v16.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v16.0
|
File Sync v16.0 | |
|
Microsoft Azure File Sync v17.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v17.0
|
File Sync v17.0 | |
|
Microsoft Azure File Sync v14.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v14.0
|
File Sync v14.0 | |
|
Microsoft Azure File Sync v15.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v15.0
|
File Sync v15.0 |
Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen gehören eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausführung eines Skripts, um über das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher Gäste und Container über den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und Informationen zu verfälschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Site Recovery
Microsoft / Azure
|
cpe:/a:microsoft:azure:site_recovery
|
Site Recovery | |
|
Microsoft Azure Stack Hub
Microsoft / Azure Stack
|
cpe:/a:microsoft:azure_stack:hub
|
Hub | |
|
Microsoft Azure Kubernetes Service Confidential Containers
Microsoft / Azure
|
cpe:/a:microsoft:azure:kubernetes_service_confidential_containers
|
Kubernetes Service Confidential Containers | |
|
Microsoft Azure DevOps Server 2022.1
Microsoft / Azure DevOps Server
|
cpe:/o:microsoft:azure_devops_server:2022.1
|
2022.1 | |
|
Microsoft Azure Active Directory B2C
Microsoft / Azure
|
cpe:/a:microsoft:azure:active_directory_b2c
|
Active Directory B2C | |
|
Microsoft Azure Connected Machine Agent
Microsoft / Azure
|
cpe:/a:microsoft:azure:connected_machine_agent
|
Connected Machine Agent | |
|
Microsoft Azure File Sync v16.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v16.0
|
File Sync v16.0 | |
|
Microsoft Azure File Sync v17.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v17.0
|
File Sync v17.0 | |
|
Microsoft Azure File Sync v14.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v14.0
|
File Sync v14.0 | |
|
Microsoft Azure File Sync v15.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v15.0
|
File Sync v15.0 |
Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen gehören eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausführung eines Skripts, um über das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher Gäste und Container über den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und Informationen zu verfälschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Site Recovery
Microsoft / Azure
|
cpe:/a:microsoft:azure:site_recovery
|
Site Recovery | |
|
Microsoft Azure Stack Hub
Microsoft / Azure Stack
|
cpe:/a:microsoft:azure_stack:hub
|
Hub | |
|
Microsoft Azure Kubernetes Service Confidential Containers
Microsoft / Azure
|
cpe:/a:microsoft:azure:kubernetes_service_confidential_containers
|
Kubernetes Service Confidential Containers | |
|
Microsoft Azure DevOps Server 2022.1
Microsoft / Azure DevOps Server
|
cpe:/o:microsoft:azure_devops_server:2022.1
|
2022.1 | |
|
Microsoft Azure Active Directory B2C
Microsoft / Azure
|
cpe:/a:microsoft:azure:active_directory_b2c
|
Active Directory B2C | |
|
Microsoft Azure Connected Machine Agent
Microsoft / Azure
|
cpe:/a:microsoft:azure:connected_machine_agent
|
Connected Machine Agent | |
|
Microsoft Azure File Sync v16.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v16.0
|
File Sync v16.0 | |
|
Microsoft Azure File Sync v17.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v17.0
|
File Sync v17.0 | |
|
Microsoft Azure File Sync v14.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v14.0
|
File Sync v14.0 | |
|
Microsoft Azure File Sync v15.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v15.0
|
File Sync v15.0 |
Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen gehören eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausführung eines Skripts, um über das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher Gäste und Container über den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und Informationen zu verfälschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Site Recovery
Microsoft / Azure
|
cpe:/a:microsoft:azure:site_recovery
|
Site Recovery | |
|
Microsoft Azure Stack Hub
Microsoft / Azure Stack
|
cpe:/a:microsoft:azure_stack:hub
|
Hub | |
|
Microsoft Azure Kubernetes Service Confidential Containers
Microsoft / Azure
|
cpe:/a:microsoft:azure:kubernetes_service_confidential_containers
|
Kubernetes Service Confidential Containers | |
|
Microsoft Azure DevOps Server 2022.1
Microsoft / Azure DevOps Server
|
cpe:/o:microsoft:azure_devops_server:2022.1
|
2022.1 | |
|
Microsoft Azure Active Directory B2C
Microsoft / Azure
|
cpe:/a:microsoft:azure:active_directory_b2c
|
Active Directory B2C | |
|
Microsoft Azure Connected Machine Agent
Microsoft / Azure
|
cpe:/a:microsoft:azure:connected_machine_agent
|
Connected Machine Agent | |
|
Microsoft Azure File Sync v16.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v16.0
|
File Sync v16.0 | |
|
Microsoft Azure File Sync v17.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v17.0
|
File Sync v17.0 | |
|
Microsoft Azure File Sync v14.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v14.0
|
File Sync v14.0 | |
|
Microsoft Azure File Sync v15.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v15.0
|
File Sync v15.0 |
Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen gehören eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausführung eines Skripts, um über das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher Gäste und Container über den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und Informationen zu verfälschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Site Recovery
Microsoft / Azure
|
cpe:/a:microsoft:azure:site_recovery
|
Site Recovery | |
|
Microsoft Azure Stack Hub
Microsoft / Azure Stack
|
cpe:/a:microsoft:azure_stack:hub
|
Hub | |
|
Microsoft Azure Kubernetes Service Confidential Containers
Microsoft / Azure
|
cpe:/a:microsoft:azure:kubernetes_service_confidential_containers
|
Kubernetes Service Confidential Containers | |
|
Microsoft Azure DevOps Server 2022.1
Microsoft / Azure DevOps Server
|
cpe:/o:microsoft:azure_devops_server:2022.1
|
2022.1 | |
|
Microsoft Azure Active Directory B2C
Microsoft / Azure
|
cpe:/a:microsoft:azure:active_directory_b2c
|
Active Directory B2C | |
|
Microsoft Azure Connected Machine Agent
Microsoft / Azure
|
cpe:/a:microsoft:azure:connected_machine_agent
|
Connected Machine Agent | |
|
Microsoft Azure File Sync v16.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v16.0
|
File Sync v16.0 | |
|
Microsoft Azure File Sync v17.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v17.0
|
File Sync v17.0 | |
|
Microsoft Azure File Sync v14.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v14.0
|
File Sync v14.0 | |
|
Microsoft Azure File Sync v15.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v15.0
|
File Sync v15.0 |
Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen gehören eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausführung eines Skripts, um über das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher Gäste und Container über den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen und Informationen zu verfälschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Site Recovery
Microsoft / Azure
|
cpe:/a:microsoft:azure:site_recovery
|
Site Recovery | |
|
Microsoft Azure Stack Hub
Microsoft / Azure Stack
|
cpe:/a:microsoft:azure_stack:hub
|
Hub | |
|
Microsoft Azure Kubernetes Service Confidential Containers
Microsoft / Azure
|
cpe:/a:microsoft:azure:kubernetes_service_confidential_containers
|
Kubernetes Service Confidential Containers | |
|
Microsoft Azure DevOps Server 2022.1
Microsoft / Azure DevOps Server
|
cpe:/o:microsoft:azure_devops_server:2022.1
|
2022.1 | |
|
Microsoft Azure Active Directory B2C
Microsoft / Azure
|
cpe:/a:microsoft:azure:active_directory_b2c
|
Active Directory B2C | |
|
Microsoft Azure Connected Machine Agent
Microsoft / Azure
|
cpe:/a:microsoft:azure:connected_machine_agent
|
Connected Machine Agent | |
|
Microsoft Azure File Sync v16.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v16.0
|
File Sync v16.0 | |
|
Microsoft Azure File Sync v17.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v17.0
|
File Sync v17.0 | |
|
Microsoft Azure File Sync v14.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v14.0
|
File Sync v14.0 | |
|
Microsoft Azure File Sync v15.0
Microsoft / Azure
|
cpe:/a:microsoft:azure:file_sync_v15.0
|
File Sync v15.0 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Azure ist eine Cloud Computing-Plattform von Microsoft.\r\nMicrosoft Azure DevOps Server ist eine Plattform f\u00fcr kollaborative Softwareprojekte.\r\nAzure Stack ist ein Microsoft-Produkt aus der Azure-Familie. Mit Azure Stack k\u00f6nnen die Public-Cloud-Services von Microsoft auch im eigenen Rechenzentrum betrieben werden.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Microsoft Azure ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren und Daten falsch darzustellen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0362 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0362.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0362 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0362"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2024-02-13",
"url": "https://msrc.microsoft.com/update-guide"
}
],
"source_lang": "en-US",
"title": "Microsoft Azure: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-02-13T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:05:09.508+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0362",
"initial_release_date": "2024-02-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-02-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Active Directory B2C",
"product": {
"name": "Microsoft Azure Active Directory B2C",
"product_id": "T032724",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:azure:active_directory_b2c"
}
}
},
{
"category": "product_version",
"name": "Connected Machine Agent",
"product": {
"name": "Microsoft Azure Connected Machine Agent",
"product_id": "T032725",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:azure:connected_machine_agent"
}
}
},
{
"category": "product_version",
"name": "File Sync v14.0",
"product": {
"name": "Microsoft Azure File Sync v14.0",
"product_id": "T032726",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:azure:file_sync_v14.0"
}
}
},
{
"category": "product_version",
"name": "File Sync v15.0",
"product": {
"name": "Microsoft Azure File Sync v15.0",
"product_id": "T032727",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:azure:file_sync_v15.0"
}
}
},
{
"category": "product_version",
"name": "File Sync v16.0",
"product": {
"name": "Microsoft Azure File Sync v16.0",
"product_id": "T032728",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:azure:file_sync_v16.0"
}
}
},
{
"category": "product_version",
"name": "File Sync v17.0",
"product": {
"name": "Microsoft Azure File Sync v17.0",
"product_id": "T032729",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:azure:file_sync_v17.0"
}
}
},
{
"category": "product_version",
"name": "Kubernetes Service Confidential Containers",
"product": {
"name": "Microsoft Azure Kubernetes Service Confidential Containers",
"product_id": "T032730",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:azure:kubernetes_service_confidential_containers"
}
}
},
{
"category": "product_version",
"name": "Site Recovery",
"product": {
"name": "Microsoft Azure Site Recovery",
"product_id": "T032731",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:azure:site_recovery"
}
}
}
],
"category": "product_name",
"name": "Azure"
},
{
"branches": [
{
"category": "product_version",
"name": "2022.1",
"product": {
"name": "Microsoft Azure DevOps Server 2022.1",
"product_id": "T031700",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_devops_server:2022.1"
}
}
}
],
"category": "product_name",
"name": "Azure DevOps Server"
},
{
"branches": [
{
"category": "product_version",
"name": "Hub",
"product": {
"name": "Microsoft Azure Stack Hub",
"product_id": "T032732",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:azure_stack:hub"
}
}
}
],
"category": "product_name",
"name": "Azure Stack"
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21403",
"notes": [
{
"category": "description",
"text": "Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen geh\u00f6ren eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausf\u00fchrung eines Skripts, um \u00fcber das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher G\u00e4ste und Container \u00fcber den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren und Informationen zu verf\u00e4lschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T032731",
"T032732",
"T032730",
"T031700",
"T032724",
"T032725",
"T032728",
"T032729",
"T032726",
"T032727"
]
},
"release_date": "2024-02-13T23:00:00.000+00:00",
"title": "CVE-2024-21403"
},
{
"cve": "CVE-2024-21401",
"notes": [
{
"category": "description",
"text": "Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen geh\u00f6ren eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausf\u00fchrung eines Skripts, um \u00fcber das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher G\u00e4ste und Container \u00fcber den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren und Informationen zu verf\u00e4lschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T032731",
"T032732",
"T032730",
"T031700",
"T032724",
"T032725",
"T032728",
"T032729",
"T032726",
"T032727"
]
},
"release_date": "2024-02-13T23:00:00.000+00:00",
"title": "CVE-2024-21401"
},
{
"cve": "CVE-2024-21397",
"notes": [
{
"category": "description",
"text": "Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen geh\u00f6ren eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausf\u00fchrung eines Skripts, um \u00fcber das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher G\u00e4ste und Container \u00fcber den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren und Informationen zu verf\u00e4lschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T032731",
"T032732",
"T032730",
"T031700",
"T032724",
"T032725",
"T032728",
"T032729",
"T032726",
"T032727"
]
},
"release_date": "2024-02-13T23:00:00.000+00:00",
"title": "CVE-2024-21397"
},
{
"cve": "CVE-2024-21381",
"notes": [
{
"category": "description",
"text": "Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen geh\u00f6ren eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausf\u00fchrung eines Skripts, um \u00fcber das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher G\u00e4ste und Container \u00fcber den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren und Informationen zu verf\u00e4lschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T032731",
"T032732",
"T032730",
"T031700",
"T032724",
"T032725",
"T032728",
"T032729",
"T032726",
"T032727"
]
},
"release_date": "2024-02-13T23:00:00.000+00:00",
"title": "CVE-2024-21381"
},
{
"cve": "CVE-2024-21376",
"notes": [
{
"category": "description",
"text": "Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen geh\u00f6ren eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausf\u00fchrung eines Skripts, um \u00fcber das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher G\u00e4ste und Container \u00fcber den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren und Informationen zu verf\u00e4lschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T032731",
"T032732",
"T032730",
"T031700",
"T032724",
"T032725",
"T032728",
"T032729",
"T032726",
"T032727"
]
},
"release_date": "2024-02-13T23:00:00.000+00:00",
"title": "CVE-2024-21376"
},
{
"cve": "CVE-2024-21364",
"notes": [
{
"category": "description",
"text": "Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen geh\u00f6ren eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausf\u00fchrung eines Skripts, um \u00fcber das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher G\u00e4ste und Container \u00fcber den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren und Informationen zu verf\u00e4lschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T032731",
"T032732",
"T032730",
"T031700",
"T032724",
"T032725",
"T032728",
"T032729",
"T032726",
"T032727"
]
},
"release_date": "2024-02-13T23:00:00.000+00:00",
"title": "CVE-2024-21364"
},
{
"cve": "CVE-2024-21329",
"notes": [
{
"category": "description",
"text": "Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen geh\u00f6ren eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausf\u00fchrung eines Skripts, um \u00fcber das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher G\u00e4ste und Container \u00fcber den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren und Informationen zu verf\u00e4lschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T032731",
"T032732",
"T032730",
"T031700",
"T032724",
"T032725",
"T032728",
"T032729",
"T032726",
"T032727"
]
},
"release_date": "2024-02-13T23:00:00.000+00:00",
"title": "CVE-2024-21329"
},
{
"cve": "CVE-2024-20679",
"notes": [
{
"category": "description",
"text": "Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen geh\u00f6ren eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausf\u00fchrung eines Skripts, um \u00fcber das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher G\u00e4ste und Container \u00fcber den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren und Informationen zu verf\u00e4lschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T032731",
"T032732",
"T032730",
"T031700",
"T032724",
"T032725",
"T032728",
"T032729",
"T032726",
"T032727"
]
},
"release_date": "2024-02-13T23:00:00.000+00:00",
"title": "CVE-2024-20679"
},
{
"cve": "CVE-2024-20667",
"notes": [
{
"category": "description",
"text": "Es wurden mehrere Schwachstellen in Microsoft Azure gemeldet. Zu den Schwachstellen geh\u00f6ren eine potenzielle Ausweitung der Privilegien auf dem IUSR, das das MySQL-Root-Passwort ermitteln kann, die Erstellung neuer Dateien in Verzeichnissen, auf die normalerweise nicht zugegriffen werden kann, die Ausf\u00fchrung eines Skripts, um \u00fcber das Internet auf einen bestimmten Jira-Server zuzugreifen, das Hijacking vertraulicher G\u00e4ste und Container \u00fcber den Netzwerkstapel hinaus sowie ein Machine-in-the-Middle-Angriff. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuf\u00fchren und Informationen zu verf\u00e4lschen. Das erfolgreiche Ausnutzen einer dieser Schwachstellen erfordert eine Benutzerinteraktion."
}
],
"product_status": {
"known_affected": [
"T032731",
"T032732",
"T032730",
"T031700",
"T032724",
"T032725",
"T032728",
"T032729",
"T032726",
"T032727"
]
},
"release_date": "2024-02-13T23:00:00.000+00:00",
"title": "CVE-2024-20667"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…