Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
CVE-2023-29332

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Azure Kubernetes Service
Vendor: CVE Published:; 12 September 2023

Summary

An elevation of privilege vulnerability exists in Microsoft Azure Kubernetes Service that could allow an attacker to gain elevated permissions. This could enable unauthorized access to systems and data within the Kubernetes environment, presenting significant security risks for organizations utilizing this cloud service. Proper configurations and security measures are essential to mitigate the potential impact of this vulnerability.

Affected Version(s)

Azure Kubernetes Service Unknown 1.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Apr 4, 2023