Description
Azure CycleCloud Elevation of Privilege Vulnerability
FAQ
What privileges could be gained by an attacker who successfully exploited the vulnerability?
The attacker who successfully exploited the vulnerability could elevate privileges to the Administrator role in the vulnerable Azure CycleCloud instance.
According to the CVSS metric, privileges required is Low (PR:L). What does that mean for this vulnerability?
To exploit this vulnerability an attacker must have an account with the User role assigned.
What actions do customers need to take to protect themselves from this vulnerability?
Azure CycleCloud versions 7.9.0 - 7.9.11 were retired on 30 September, 2023 as documented here: CycleCloud 7 Retirement Guide. Customers with existing CycleCloud deployments using versions 7.9.0 - 7.9.11 must migrate their resources to CycleCloud version 8.6.2 to be protected by following the instructions here: Upgrading CycleCloud.
Customers with existing CycleCloud deployments using versions 8.0.0 - 8.6.0 should update their resources to CycleCloud version 8.6.2 to be protected by following the instructions here: Upgrading CycleCloud.
Updates
| Product | Article | Update |
|---|---|---|
| Azure CycleCloud 7.9.10 | ||
| Azure CycleCloud 8.2.0 | ||
| Azure CycleCloud 8.0.0 | ||
| Azure CycleCloud 8.6.0 | ||
| Azure CycleCloud 7.9.0 | ||
| Azure CycleCloud 7.9.1 | ||
| Azure CycleCloud 7.9.2 | ||
| Azure CycleCloud 7.9.3 | ||
| Azure CycleCloud 7.9.4 | ||
| Azure CycleCloud 7.9.5 | ||
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
EPSS
8.8 High
CVSS3
Related vulnerabilities
Azure CycleCloud Elevation of Privilege Vulnerability
A vulnerability in Azure CycleCloud, a tool for orchestrating and managing high-performance computing (HPC) environments, related to a failure of the data protection mechanism, which allows an attacker to elevate their privileges
EPSS
8.8 High
CVSS3