Azure Service Fabric Container Elevation of Privilege Vulnerability
CVE-2023-21531

7HIGH

Key Information:

Vendor: Microsoft
Status: Azure Service Fabric 8.2; Azure Service Fabric 9.0 For Linux; Azure Service Fabric 9.1
Vendor: CVE Published:; 10 January 2023

Summary

This vulnerability allows an attacker to elevate privileges within the Azure Service Fabric environment, potentially enabling unauthorized access to sensitive resources. Proper attention and swift remediation are required to mitigate risks related to privilege escalation.

Affected Version(s)

Azure Service Fabric 8.2 Unknown 8.2 < 8.2 CU8

Azure Service Fabric 9.0 for Linux Unknown 9.0 < 9.0 CU5

Azure Service Fabric 9.1 Unknown 9.1 < 9.1 CU1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 10, 2023
Vulnerability Reserved
Dec 1, 2022