CVE-2020-0902 — Improper Privilege Management in Microsoft Service Fabric

CWE-269 — Improper Privilege Management4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

16.0%

top 5.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Service Fabric

Timeline

PublishedMar 12

Latest updateMay 24

Description

An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka 'Service Fabric Elevation of Privilege'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5microsoft/service_fabricunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-c5m9-gqgq-pqxw: An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka 'Service Fabric Elevation of Privile↗2022-05-24

▶

CVEList

CVE-2020-0902: An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions, aka 'Service Fabric Elevation of Privile↗2020-03-12

▶

📋Vendor Advisories

Microsoft

Service Fabric Elevation of Privilege↗2020-03-10

▶