CVE-2024-11395: Chromium: CVE-2024-11395 Type Confusion in V8

CVE-2024-49054: Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-49060: Azure Stack HCI Elevation of Privilege Vulnerability

CVE-2024-11117: Chromium: CVE-2024-11117 Inappropriate implementation in FileSystem

CVE-2024-11116: Chromium: CVE-2024-11116 Inappropriate implementation in Paint

**How could an attacker exploit this vulnerability?**

An authenticated attacker with permissions to execute commands on the Azure CycleCloud instance could send a specially crafted request that returns the storage account credentials and runtime data. The attacker can then use the comprised credentials to access the underlying storage resources and upload malicious scripts which will be executed as Root, enabling remote code execution to be performed on any cluster in the CycleCloud instance.

Headline

CVE-2024-38195: Azure CycleCloud Remote Code Execution Vulnerability

Microsoft Security Response Center: Latest News