Azure CLI REST Command Information Disclosure Vulnerability
CVE-2023-36052

8.6HIGH

Key Information:

Vendor: Microsoft
Status: Azure App Service; Azure Function App; Azure Logic App
Vendor: CVE Published:; 14 November 2023

What is CVE-2023-36052?

An information disclosure vulnerability exists in Microsoft Azure CLI, allowing unauthorized access to sensitive data through its REST commands. This vulnerability can expose critical information, potentially impacting the security and confidentiality of systems utilizing Azure services. Users are advised to update their Azure CLI to mitigate the risks associated with this issue.

Affected Version(s)

Azure App Service Unknown 1.0.0 < 2.53.1

Azure Function App Unknown 1.0.0 < 2.53.1

Azure Logic App Unknown 1.0.0 < 2.53.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Jun 20, 2023