Microsoft fixes critical Azure CLI flaw that leaked credentials in logs

Microsoft has patched a serious security flaw that might allow hackers to obtain login information from Azure DevOps or GitHub Actions logs generated using the Azure CLI (short for Azure command-line interface).

Palo Alto security researcher Aviad Hahami discovered the vulnerability (tracked as CVE-2023-36052), and upon successful exploitation, it allows unauthenticated attackers to remotely access plain text contents written to Continuous Integration and Continuous Deployment (CI/CD) logs by the Azure CLI. If this vulnerability was successfully exploited, an attacker might get usernames and plaintext passwords from log files produced by the impacted CLI commands and made available by GitHub Actions and/or Azure DevOps.

Microsoft fixes critical Azure CLI flaw that leaked credentials in logs

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Microsoft fixes critical Azure CLI flaw that leaked credentials in logs

14-Nov-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address