Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2024-38201: Azure Stack Hub Elevation of Privilege Vulnerability

According to the CVSS metric, the attack complexity is high (AC:H) and user interaction is required (UI:R). What does that mean for this vulnerability?

An attacker would need to trick the user to transfer a malicious JSON file and hope that user does not open and review it. If the user opens it, the user will see an invalid URL and not import it for his dashboard. But in a scenario where the user does import the malicious JSON file, the portal will not immediately send a token. Only in a corner case that a user configures the dashboard again from the portal will there be a token leak.

Microsoft Security Response Center
#vulnerability#js#Azure Stack#Security Vulnerability

Microsoft Security Response Center: Latest News

CVE-2024-12695: Chromium: CVE-2024-12695 Out of bounds write in V8