Описание
Azure Local Cluster Information Disclosure Vulnerability
Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally.
FAQ
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is device information such as a token, credentials, resource ids, sas tokens, user properties, and other sensitive information.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to a high loss of confidentiality (C:H) and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could view sensitive information, such as a token and credential in this scenario (Confidentiality) and make changes to disclosed information (Integrity), and they might be able to force a crash within the service (Availability).
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.3 High
CVSS3
Связанные уязвимости
Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally.
Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally.
Уязвимость программного средства для развертывания и управления кластерами Kubernetes на локальной инфраструктуре Azure Local Cluster, связанная с недостаточной защитой регистрационных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
7.3 High
CVSS3