Описание
Azure Storage Library Information Disclosure Vulnerability
FAQ
What is CBC padding in storage SDK?
Azure Storage .NET, Java, and Python SDKs use cipher block chaining (CBC mode) for client-side encryption. This client-side encryption is used by very small set of customers, who encrypt their data on the client with a customer-managed key that is maintained in Azure Key Vault or another key store before uploading to Azure Storage.
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could decrypt data on the client side and disclose the content of the file or blob.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure Storage Blobs client library for .NET | ||
| Azure Storage Blobs client library for Python | ||
| Azure Storage Queues client library for .NET | ||
| Azure Storage Blobs client library for Java | ||
| Azure Storage Queues client library for Python |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
4.7 Medium
CVSS3
Связанные уязвимости
Azure Storage Library Information Disclosure Vulnerability
Azure Storage Library Information Disclosure Vulnerability
Security update for python-azure-core, python-azure-storage-blob, python-azure-storage-queue, python-typing, python-typing_extensions
EPSS
4.7 Medium
CVSS3