Описание
Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
FAQ
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who exploited this vulnerability could execute arbitrary commands within the affected ACI container’s context, allowing them to run code with the same privileges as the compromised container. In confidential‑container scenarios, this could also let an attacker access sensitive secrets or data protected by the attested environment.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft ACI Confidential Containers |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
6.7 Medium
CVSS3
Связанные уязвимости
Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
Уязвимость программного обеспечения Microsoft ACI Confidential Containers, связанная с непринятием мер по очистке данных на управляющем уровне, позволяющая нарушителю повысить свои привилегии
EPSS
6.7 Medium
CVSS3