CVE-2020-16904

Опубликовано: 16 окт. 2020

Источник: nvd

CVSS3: 5.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An elevation of privilege vulnerability exists in the way Azure Functions validate access keys.

An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization.

This security update addresses the vulnerability by correctly validating access keys used to access HTTP Functions.

Ссылки

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16904
Patch
Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16904
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microsoft:azure_functions:-:*:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.02759

Низкий

5.3 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-863

Связанные уязвимости

CVE-2020-16904

msrc

больше 5 лет назад

Azure Functions Elevation of Privilege Vulnerability

GHSA-v3gf-q256-843h

CVSS3: 5.3

github

больше 3 лет назад

An elevation of privilege vulnerability exists in the way Azure Functions validate access keys.An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization.This security update addresses the vulnerability by correctly validating access keys used to access HTTP Functions., aka 'Azure Functions Elevation of Privilege Vulnerability'.

BDU:2020-04900

CVSS3: 9.8

fstec

больше 5 лет назад

Уязвимость службы Azure Functions операционной системы Windows, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 86%

0.02759

Низкий

5.3 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-863