Confidential Container Elevation of Privilege Vulnerability
CVE-2024-21400

9CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure Kubernetes Service
Vendor: CVE Published:; 12 March 2024

Badges

👾 Exploit Exists

Summary

The vulnerability in Microsoft Azure Kubernetes Service relates to the elevation of privilege in confidential containers, allowing unauthorized users potentially to gain elevated access to otherwise restricted resources. This can lead to significant security risks if exploited, making it crucial for organizations utilizing Azure Kubernetes Service to apply necessary patches and updates promptly. Effective configuration and regular updates are essential steps in mitigating this risk and securing cloud infrastructures.

Affected Version(s)

Azure Kubernetes Service Unknown 1.0.0 < 0.3.3

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

🟡
Public PoC available
Mar 13, 2024
👾
Exploit known to exist
Mar 13, 2024
Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Dec 8, 2023

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed0 Proof of Concept(s)