Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2024-38195: Azure CycleCloud Remote Code Execution Vulnerability

How could an attacker exploit this vulnerability?

An authenticated attacker with permissions to execute commands on the Azure CycleCloud instance could send a specially crafted request that returns the storage account credentials and runtime data. The attacker can then use the comprised credentials to access the underlying storage resources and upload malicious scripts which will be executed as Root, enabling remote code execution to be performed on any cluster in the CycleCloud instance.

Microsoft Security Response Center
#vulnerability#rce#auth#Azure CycleCloud#Security Vulnerability

Microsoft Security Response Center: Latest News

CVE-2024-10488: Chromium: CVE-2024-10488 Use after free in WebRTC