CVE-2023-21531
published 2023-01-10CVE-2023-21531: Azure Service Fabric Container Elevation of Privilege Vulnerability
PriorityP432high7CVSS 3.1
AVLACHPRLUINSUCHIHAH
EPSS
0.71%
48.8th percentile
Azure Service Fabric Container Elevation of Privilege Vulnerability
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_service_fabric | — | — |
| microsoft | azure_service_fabric | — | — |
| microsoft | azure_service_fabric | — | — |
| microsoft | azure_service_fabric_8.2 | >= 8.2 < 8.2 CU8 | 8.2 CU8 |
| microsoft | azure_service_fabric_9.0_for_linux | >= 9.0 < 9.0 CU5 | 9.0 CU5 |
| microsoft | azure_service_fabric_9.1 | >= 9.1 < 9.1 CU1 | 9.1 CU1 |
| msrc | azure_service_fabric_8.2 | — | — |
| msrc | azure_service_fabric_9.0_for_linux | — | — |
| msrc | azure_service_fabric_9.1 | — | — |
CVSS provenance
nvdv3.17.0HIGHCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.0HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v3ch-w844-fcpj: Azure Service Fabric Container Elevation of Privilege Vulnerability
ghsa_unreviewed·2023-01-11
CVE-2023-21531 [HIGH] CWE-269 GHSA-v3ch-w844-fcpj: Azure Service Fabric Container Elevation of Privilege Vulnerability
Azure Service Fabric Container Elevation of Privilege Vulnerability.
Microsoft
Azure Service Fabric Container Elevation of Privilege Vulnerability
vendor_msrc·2023-01-10·CVSS 7.0
CVE-2023-21531 [HIGH] CWE-284 Azure Service Fabric Container Elevation of Privilege Vulnerability
Azure Service Fabric Container Elevation of Privilege Vulnerability
FAQ: Which Azure service(s) does this affect?
This vulnerability affects Azure Service Fabric clusters and standalone Service Fabric clusters orchestrated by Docker. Only users who implement the Docker app containers can be affected.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could elevate their privileges and gain control over the Service Fabric cluster. This vulnerability does not allow the attacker to elevate privileges outside of the compromised cluster.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vuln
No detection rules found.
No public exploits indexed.
Trendmicro
Gaps in Azure Service Fabric’s Security Call for User Vigilance
blogs_trendmicro·2023-06-21
Gaps in Azure Service Fabric’s Security Call for User Vigilance
Cloud
## Gaps in Azure Service Fabric’s Security Call for User Vigilance
In this blog post, we discuss different configuration scenarios that may lead to security issues with Azure Service Fabric, a distributed platform for deploying, managing, and scaling microservices and container applications.
By: David Fiser Jun 21, 2023 Read time: ( words)
Save to Folio
Besides being known for deployment of containerized applications, many also know Kubernetes for container orchestration. However, it’s not the only platform that offers this service in the market. In this blog post, we will focus on Service Fabric, an orchestrator developed by Microsoft and available as a service inside the Azure cloud. As with our previous posts on Kubernetes , we will look into different configuration scenarios
Trendmicro
Gaps in Azure Service Fabric’s Security Call for User Vigilance
blogs_trendmicro·2023-06-21
Gaps in Azure Service Fabric’s Security Call for User Vigilance
Nube
## Gaps in Azure Service Fabric’s Security Call for User Vigilance
In this blog post, we discuss different configuration scenarios that may lead to security issues with Azure Service Fabric, a distributed platform for deploying, managing, and scaling microservices and container applications.
By: David Fiser Jun 21, 2023 Read time: ( words)
Save to Folio
Besides being known for deployment of containerized applications, many also know Kubernetes for container orchestration. However, it’s not the only platform that offers this service in the market. In this blog post, we will focus on Service Fabric, an orchestrator developed by Microsoft and available as a service inside the Azure cloud. As with our previous posts on Kubernetes , we will look into different configuration scenarios
Trendmicro
Gaps in Azure Service Fabric’s Security Call for User Vigilance
blogs_trendmicro·2023-06-21
Gaps in Azure Service Fabric’s Security Call for User Vigilance
Cloud
## Gaps in Azure Service Fabric’s Security Call for User Vigilance
In this blog post, we discuss different configuration scenarios that may lead to security issues with Azure Service Fabric, a distributed platform for deploying, managing, and scaling microservices and container applications.
By: David Fiser 2023/06/21 Read time: ( words)
Save to Folio
Besides being known for deployment of containerized applications, many also know Kubernetes for container orchestration. However, it’s not the only platform that offers this service in the market. In this blog post, we will focus on Service Fabric, an orchestrator developed by Microsoft and available as a service inside the Azure cloud. As with our previous posts on Kubernetes , we will look into different configuration scenarios t
Trendmicro
Gaps in Azure Service Fabric’s Security Call for User Vigilance
blogs_trendmicro·2023-06-21
Gaps in Azure Service Fabric’s Security Call for User Vigilance
Cloud
# Gaps in Azure Service Fabric’s Security Call for User Vigilance
In this blog post, we discuss different configuration scenarios that may lead to security issues with Azure Service Fabric, a distributed platform for deploying, managing, and scaling microservices and container applications.
By: David Fiser
2023/06/21
Read time: ( words)
Save to Folio
Besides being known for deployment of containerized applications, many also know Kubernetes for container orchestration. However, it’s not the only platform that offers this service in the market. In this blog post, we will focus on Service Fabric, an orchestrator developed by Microsoft and available as a service inside the Azure cloud. As with our previous posts on Kubernetes, we will look into different configuration scenarios th
2023-01-10
Published