Confidential Container Remote Code Execution Vulnerability
CVE-2024-21376

9CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure Kubernetes Service
Vendor: CVE Published:; 13 February 2024

Summary

A remote code execution vulnerability exists in Microsoft Azure Kubernetes Service, specifically affecting the Confidential Container feature. This vulnerability may allow an attacker to execute arbitrary code on the host operating system of the Kubernetes cluster. A successful exploitation can lead to unauthorized access and control over sensitive data and applications running in compromised containers. Organizations utilizing Microsoft Azure Kubernetes Service should prioritize patching and configuring their systems appropriately to mitigate associated risks. For further insights, you can refer to the Microsoft Advisory at: Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability.

Affected Version(s)

Azure Kubernetes Service Unknown 1.0.0 < 0.3.3

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Dec 8, 2023

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed