CVE-2024-28917

CVE Database · CVE-2024-28917

· MEDIUMAnalyzed

CVSS v3.1

6.2

EPSS

0.89%

Published

Apr 9, 2024

Modified

Jan 7, 2025

Public PoC / Exploit

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Weaknesses (CWE)

CWE-284

Affected Products (7)

microsoft · azure_arc_extension_microsoft.azstackhci.operator (up to 5.0.5)vulnerable

microsoft · azure_arc_extension_microsoft.azure.hybridnetwork (up to 1.0.2620-162)vulnerable

microsoft · azure_arc_extension_microsoft.azurekeyvaultsecretsprovider (up to 1.5.2)vulnerable

microsoft · azure_arc_extension_microsoft.iotoperations.mq (up to 0.3.0-preview)vulnerable

microsoft · azure_arc_extension_microsoft.networkfabricserviceextension (up to 5.1.3)vulnerable

microsoft · azure_arc_extension_microsoft.openservicemesh (up to 1.2.6)vulnerable

microsoft · azure_arc_extension_microsoft.videoindexer (up to 1.1.2)vulnerable

References (2)

Vendor Advisory

Vendor Advisory