Описание
Azure Batch Node Agent Elevation of Privilege Vulnerability
FAQ
How do I determine what version of Azure Batch is running?
Using a client targeting REST API version 2018-08-01.7.0 or newer call the get compute node or list compute nodes APIs and examine the version property of nodeAgentInfo. Your system should be running Batch Agent version 1.9.27 or later.
How do I update my Batch Agent?
If you are not running Batch Agent version 1.9.27 or later, you need to resize your pools to zero or recreate your pool. This will update the Batch Agent to the latest version. Your pool won't receive node agent updates unless it's recreated (or if it's resized to 0 compute nodes). See Azure Batch best practices - Pool lifetime and billing for more information.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
7 High
CVSS3
Связанные уязвимости
Azure Batch Node Agent Elevation of Privilege Vulnerability
Azure Batch Node Agent Elevation of Privilege Vulnerability.
Уязвимость службы Azure Batch операционных систем Windows, позволяющая нарушителю повысить свои привилегии
EPSS
7 High
CVSS3