Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVE-2024-29990

9CRITICAL

Key Information:

Vendor

Microsoft
Status
Azure Kubernetes Service
Vendor
CVE Published:
9 April 2024

Badges

๐Ÿ‘พ Exploit Exists๐Ÿ“ฐ News Worthy

What is CVE-2024-29990?

A vulnerability in Microsoft Azure Kubernetes Service allows for elevation of privilege within confidential containers. This issue could lead to unauthorized access and manipulation of sensitive data, posing risks to security integrity. Organizations utilizing Azure Kubernetes Service should prioritize this vulnerability, as it may affect system operations and data confidentiality. The specific attack vector involves the exploitation of misconfigurations or inadequate validation processes within the service.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Azure Kubernetes Service Unknown 1.0.0 < 0.3.4

News Articles

favicon imageRedLegg

Patch Tuesday - April 2024

Stay informed with RedLegg's critical Patch Tuesday updates for April 2024, addressing vulnerabilities in Microsoft Azure, SmartScreen, Defender for IoT, and more. All this and more...

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿ“ฐ

    First article discovered by RedLegg

  • Vulnerability published

  • Vulnerability Reserved

JSON
.