Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVE-2024-29990

9CRITICAL

Key Information:

Vendor
Microsoft
Status
Azure Kubernetes Service
Vendor
CVE Published:
9 April 2024

Badges

πŸ‘Ύ Exploit ExistsπŸ“° News Worthy

Summary

A vulnerability in Microsoft Azure Kubernetes Service allows for elevation of privilege within confidential containers. This issue could lead to unauthorized access and manipulation of sensitive data, posing risks to security integrity. Organizations utilizing Azure Kubernetes Service should prioritize this vulnerability, as it may affect system operations and data confidentiality. The specific attack vector involves the exploitation of misconfigurations or inadequate validation processes within the service.

Affected Version(s)

Azure Kubernetes Service Unknown 1.0.0 < 0.3.4

News Articles

favicon imageRedLegg

Patch Tuesday - April 2024

Stay informed with RedLegg's critical Patch Tuesday updates for April 2024, addressing vulnerabilities in Microsoft Azure, SmartScreen, Defender for IoT, and more. All this and more...

9 months ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by RedLegg

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed1 News Article(s)
.