Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-39327

Опубликовано: 25 окт. 2022
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 8.1

Описание

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the & or | symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability.

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-apps/focal

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

DNE

kinetic

DNE

lunar

DNE

mantic

DNE

noble

DNE

oracular

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 79%
0.01311
Низкий

8.1 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2022-39327

CVSS3: 8.1
nvd
больше 3 лет назад

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability.

msrc логотип

CVE-2022-39327

msrc
около 3 лет назад

GitHub: CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI

debian логотип

CVE-2022-39327

CVSS3: 8.1
debian
больше 3 лет назад

Azure CLI is the command-line interface for Microsoft Azure. In versio ...

github логотип

GHSA-47xc-9rr2-q7p4

CVSS3: 8.1
github
больше 3 лет назад

Improper Control of Generation of Code ('Code Injection') in Azure CLI

fstec логотип

BDU:2022-07463

CVSS3: 9.8
fstec
около 3 лет назад

Уязвимость интерфейса командной строки (CLI) платформы Microsoft Azure, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 79%
0.01311
Низкий

8.1 High

CVSS3