Описание
Azure CycleCloud Remote Code Execution Vulnerability
FAQ
How could an attacker exploit this vulnerability?
An attacker with basic user permissions can send specially crafted requests to modify the configuration of an Azure CycleCloud cluster to gain Root level permissions enabling them to execute commands on any Azure CycleCloud cluster in the current instance and in some scenarios, compromise administrator credentials.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure CycleCloud 8.2.0 | ||
| Azure CycleCloud 8.0.0 | ||
| Azure CycleCloud 8.6.0 | ||
| Azure CycleCloud 8.0.1 | ||
| Azure CycleCloud 8.0.2 | ||
| Azure CycleCloud 8.1.0 | ||
| Azure CycleCloud 8.1.1 | ||
| Azure CycleCloud 8.2.2 | ||
| Azure CycleCloud 8.2.1 | ||
| Azure CycleCloud 8.3.0 |
Показывать по
10
Возможность эксплуатации
Publicly Disclosed
No
Exploited
No
Latest Software Release
Exploitation Less Likely
DOS
N/A
EPSS
Процентиль: 66%
0.00526
Низкий
8.8 High
CVSS3
Связанные уязвимости
CVSS3: 8.8
github
больше 1 года назад
Azure CycleCloud Remote Code Execution Vulnerability
EPSS
Процентиль: 66%
0.00526
Низкий
8.8 High
CVSS3