← Back

CVE-2024-28917

nvd nist
Published: Apr 9, 2024Modified: Jan 7, 2025

JSON object

Loading...
6.2
Vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Exploitability: 1.7 / Impact: 4.0
Source: secure@microsoft.com (Secondary)

Description

Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability

Affected (7)

Microsoft
7 products
Azure Arc Extension Microsoft.azstackhci.operator
Azure Arc Extension Microsoft.azure.hybridnetwork
Azure Arc Extension Microsoft.azurekeyvaultsecretsprovider
Azure Arc Extension Microsoft.iotoperations.mq
Azure Arc Extension Microsoft.networkfabricserviceextension
Azure Arc Extension Microsoft.openservicemesh
Azure Arc Extension Microsoft.videoindexer
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Azure Arc Extension Microsoft.azstackhci.operator
From 1.0.0 to 5.0.5
Azure Arc Extension Microsoft.azure.hybridnetwork
From 1.0.0 to 1.0.2620-162
Azure Arc Extension Microsoft.azurekeyvaultsecretsprovider
From 1.0.0 to 1.5.2
Azure Arc Extension Microsoft.iotoperations.mq
Before 0.3.0-preview
Azure Arc Extension Microsoft.networkfabricserviceextension
From 1.0.0 to 5.1.3
Azure Arc Extension Microsoft.openservicemesh
From 1.0.0 to 1.2.6
Azure Arc Extension Microsoft.videoindexer
From 1.0.0 to 1.1.2

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

Source: secure@microsoft.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.