Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability
CVE-2023-21777

8.7HIGH

Key Information:

Vendor: Microsoft
Status: Azure App Service On Azure Stack Hub
Vendor: CVE Published:; 14 February 2023

Summary

The vulnerability in Azure App Service on Azure Stack Hub allows an attacker to gain elevated privileges, potentially compromising the integrity and confidentiality of the application. This can lead to unauthorized access and exposure of sensitive data. Organizations using Azure App Service need to ensure they are protected against this type of exploitation to maintain compliance and secure their applications.

Affected Version(s)

Azure App Service on Azure Stack Hub Unknown 98.0.0 < 98.0.1.703

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Dec 16, 2022