Description
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, spoof user interface.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability in Microsoft Azure Kubernetes Service Confidential Container can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Microsoft Entra Jira Single-Sign-On Plugin can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Microsoft Azure File Sync can be exploited remotely to gain privileges.
- A remote code execution vulnerability in Azure DevOps Server can be exploited remotely to execute arbitrary code.
- A spoofing vulnerability in Azure Stack Hub can be exploited remotely to spoof user interface.
- An elevation of privilege vulnerability in Microsoft Azure Site Recovery can be exploited remotely to gain privileges.
- An elevation of privilege vulnerability in Azure Connected Machine Agent can be exploited remotely to gain privileges.
- A spoofing vulnerability in Microsoft Azure Active Directory B2C can be exploited remotely to spoof user interface.
- A remote code execution vulnerability in Microsoft Azure Kubernetes Service Confidential Container can be exploited remotely to execute arbitrary code.
Original advisories
- CVE-2024-21401
- CVE-2024-21397
- CVE-2024-20667
- CVE-2024-20679
- CVE-2024-21364
- CVE-2024-21329
- CVE-2024-21381
- CVE-2024-21376
Related products
CVE list
- CVE-2024-21403 critical
- CVE-2024-21401 critical
- CVE-2024-21397 high
- CVE-2024-20667 critical
- CVE-2024-20679 high
- CVE-2024-21364 critical
- CVE-2024-21329 high
- CVE-2024-21381 high
- CVE-2024-21376 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!