Описание
Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability
Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
FAQ
Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?
This vulnerability has been mitigated by Microsoft in the Azure Confidential ACI service. No service update, patch, reboot, or upgrade is required.
In Azure Confidential ACI scenarios, customers are responsible for enforcing existing Confidential Compute security policies. Customers should verify that their policies enforce the documented minimum Security Version Number (SVN) for the Utility VM (UVM), as described in the Confidential ACI configuration guidance.
If a customer determines that their policy configuration does not align with the published minimum SVN guidance, correcting the configuration is part of normal policy enforcement and not a remediation action introduced by this CVE. No additional customer action is required beyond adherence to existing guidance.
Please refer to the following for more information: https://github.com/microsoft/confidential-aci-examples/blob/main/docs/Confidential_ACI_SCHEME.md
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
6.7 Medium
CVSS3
Связанные уязвимости
Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
EPSS
6.7 Medium
CVSS3