Description
Azure CLI is the command-line interface for Microsoft Azure. In versions prior to 2.40.0, Azure CLI contains a potential code injection vulnerability. The critical scenarios are those where a hosting machine runs an Azure CLI command whose parameter values have been provided by an external source. The vulnerability applies only when the Azure CLI command is run on a Windows machine, with any version of PowerShell, and the parameter value contains the `&` or `|` symbols. If any of these prerequisites is not met, the vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a mitigation for the vulnerability.
References
- Exploit, Patch, Third Party Advisory
- Patch, Third Party Advisory
- Exploit, Mitigation, Third Party Advisory
Vulnerable configurations
Simultaneously
EPSS
CVSS3: 8.1 High
CVSS3: 9.8 Critical
Defects
Related vulnerabilities
GitHub: CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI
Vulnerability in the command-line interface (CLI) of the Microsoft Azure platform that allows an attacker to execute arbitrary code