Security
Headlines
HeadlinesLatestCVEs

Tag

#Azure Arc Jumpstart

CVE-2022-35798: Azure Arc Jumpstart Information Disclosure Vulnerability

**What is the nature of this vulnerability?** An information disclosure vulnerabilty exists in Azure Arc Jumpstart that could allow an authenticated user to view certain credentials and other senstive information contained in a log file. **What are the circumstances leading to a successful exploitation?** The client virtual machine is protected behind a secured Azure virtual network (VNET) without access from the internet. A potential attacker would first have to compromise the VNET to have network access to the Azure client virtual machine (Azure Arc Jumpstart-Client). There is only one provisioned user on the client virtual machine, and this user’s credentials are protected by a username and password provided by the end-user at deployment time. There are no other “low level” users that have login access to the virtual machine. The only user credential with access to the VM is the one created and supplied by the original Azure Arc Jumpstart end-user. A potential attacker would firs...

Microsoft Security Response Center
#vulnerability#web#ios#mac#microsoft#auth#Azure Arc Jumpstart#Security Vulnerability