CVE-2023-36052
Published 2023-11-14
CVE-2023-36052: Azure CLI REST Command Information Disclosure Vulnerability
Priority P356 · high · 8.6 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS: 21.54% (97.3th percentile)
Azure CLI REST Command Information Disclosure Vulnerability
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_app_service | >= 1.0.0 < 2.53.1 | 2.53.1 |
| microsoft | azure_command-line_interface | < 2.53.1 | 2.53.1 |
| microsoft | azure_function_app | >= 1.0.0 < 2.53.1 | 2.53.1 |
| microsoft | azure_logic_app | >= 1.0.0 < 2.53.1 | 2.53.1 |
| msrc | az_functionapp_config_appsettings_delete | — | — |
| msrc | az_functionapp_config_appsettings_set | — | — |
| msrc | az_logicapp_config_appsettings_delete | — | — |
| msrc | az_logicapp_config_appsettings_set | — | — |
| msrc | az_staticwebapp_appsettings_delete | — | — |
| msrc | az_staticwebapp_appsettings_set | — | — |
| msrc | az_webapp_config_appsettings_delete | — | — |
| msrc | az_webapp_config_appsettings_set | — | — |
CVSS provenance
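| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
| vendor_msrc | — | 8.6 | HIGH | — |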
GHSA
GHSA-m32x-6xp4-26j2: Azure CLI REST Command Information Disclosure Vulnerability
ghsa_unreviewed·2023-11-14
CVE-2023-36052 [HIGH] GHSA-m32x-6xp4-26j2: Azure CLI REST Command Information Disclosure Vulnerability
Microsoft
Azure CLI REST Command Information Disclosure Vulnerability
vendor_msrc·2023-11-14·CVSS 8.6
CVE-2023-36052 [HIGH] CWE-359 Azure CLI REST Command Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
An attacker that successfully exploited this vulnerability could recover plaintext passwords and usernames from log files created by the affected CLI commands and published by Azure DevOps and/or GitHub Actions.
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.
FAQ: How could an attacker exploit this vulnerab
No detection rules found.
No public exploits indexed.
Wiz
Crying Out Cloud - December Newsletter | Wiz
blogs_wiz·2023-12-01·CVSS 8.8
CVE-2022-4886 [HIGH] Crying Out Cloud - December Newsletter | Wiz
This month introduced vulnerabilities and security incidents that have left users affected. We've curated the most interesting and impactful security highlights for you from the month of November.
Here are our top picks of cloud security highlights!
## 🐞 High Profile Vulnerabilities
High severity vulnerabilities in NGINX Ingress Controller
NGINX ingress controller is affected by 3 high severity vulnerabilities. CVE-2022-4886 allows an attacker who can control the Ingress object itself to steal Kubernetes API credentials, while CVE-2023-5043 and CVE-2023-5044 enable an attacker who can control configuration of the Ingress object to inject arbitrary code and steal credentials from the cluster. As of November 1, 2023, there is no fixed version available. Therefore, users are advised to up
Wiz
#13 - Leaky CLIs, glitchy CPUs and risky HARs | Wiz
blogs_wiz·2023-11-29·CVSS 8.6
CVE-2023-36052 [HIGH] #13 - Leaky CLIs, glitchy CPUs and risky HARs | Wiz
Podcast
## #13 - Leaky CLIs, glitchy CPUs and risky HARs
🎙️ NEW PODCAST EPISODE ALERT!
Eden and Amitai are back with another wild ride through the cloudy skies on "Crying Out Cloud"!
Here's the scoop for today's adventure:
01:36 - Okta Support System Compromise: 🕵️‍♂️
We unravel the mystery surrounding an unknown threat actor's access to Okta's customer support system. What's an HAR file, and why should you care?
06:30 - Azure CLI Credential Leak (CVE-2023-36052): 💻
Get the lowdown on Microsoft's Azure CLI vulnerability and how this leak happened, why defaults matter, and what the patch means for your Azure CLI setup.
13:17 - Reptar and Cachewarp CPU Vulnerabilities: 💡
CPU vulnerabilities are a trend we can't ignore! Discover why Reptar and Cachewarp CPU vulnerabilities might sound
Checkpoint
20th November – Threat Intelligence Report
blogs_checkpoint·2023-11-20·CVSS 7.8
CVE-2023-38831 [HIGH] 20th November – Threat Intelligence Report
## 20th November – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 20th November, please download our Threat_Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Russia-affiliated military intelligence group SandWorm is reportedly responsible for an attack against 22 critical infrastructure companies in Denmark. The attacks, the most severe in Danish history, have compromised industrial control systems and forced companies from the energy sector to work offline.
Medusa ransomware g
Trendmicro
The November 2023 Security Update Review
blogs_trendmicro·2023-11-14·CVSS 8.8
[HIGH] The November 2023 Security Update Review
## The November 2023 Security Update Review
Get the November 2023 security update and review.
By: Zero Day Initiative, 2023/11/14
It’s the penultimate second Tuesday of 2023, and Microsoft and Adobe have released their latest security patches into the crisp, fall air. Take a break from your scheduled activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, you can check it out here:
| CVE | Title | Severity | CVSS | Public | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2023-36033 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | Yes | Yes | EoP |
| CVE-2023-36036 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | EoP |
| CVE-2023-36025 | Windows SmartSc | | | | | |
Bleepingcomputer
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
blogs_bleepingcomputer·2023-11-14·CVSS 7.8
[HIGH] Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
## Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
## Lawrence Abrams
- 16 Elevation of Privilege Vulnerabilities
- 6 Security Feature Bypass Vulnerabilities
- 15 Remote Code Execution Vulnerabilities
- 6 Information Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
- 11 Spoofing Vulnerabilities
The total count of 58 flaws does not include 5 Mariner security updates and 20 Microsoft Edge security updates released earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5032190 cumulative update and Windows 10 KB5032189 cumulative update.
## Five zero-days fixed
This month's Patch Tuesday fixes five zero-day vulnerabilities, with three exploited in attacks and three publicl
Trendmicro
The November 2023 Security Update Review
blogs_trendmicro·2023-11-14
The November 2023 Security Update Review
# The November 2023 Security Update Review
Get the November 2023 security update and review.
By: Zero Day Initiative, 2023/11/14
It’s the penultimate second Tuesday of 2023, and Microsoft and Adobe have released their latest security patches into the crisp, fall air. Take a break from your scheduled activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, you can check it out here:
Adobe Patches for November 2023
For November, Adobe released 14 bulletins addressing 76 CVEs in Adobe Acrobat and Reader, ColdFusion, Audition, Premiere Pro, After Effects, Media Encoder, Dimension, Animate, InCopy, InDesign, RoboHelp, FrameMaker Publishing Server, Bridge, and Photoshop. A total of 54 of these bugs
Qualys
November 2023 Patch Tuesday: MS and Adobe Remediation | Qualys
blogs_qualys·2023-11-14
November 2023 Patch Tuesday: MS and Adobe Remediation | Qualys
Microsoft released its second last Patch Tuesday edition of the year. We invite you to join us to review and discuss the details of these security updates and
Qualys
Microsoft and Adobe Patch Tuesday, November 2023 Security Update Review
blogs_qualys·2023-11-14
Microsoft and Adobe Patch Tuesday, November 2023 Security Update Review
Microsoft released its second last Patch Tuesday edition of the year. We invite you to join us to review and discuss the details of these security updates and patches.
## M
Trendmicro
The November 2023 Security Update Review
blogs_trendmicro·2023-11-14·CVSS 8.8
[HIGH] The November 2023 Security Update Review
## The November 2023 Security Update Review
Get the November 2023 security update and review.
By: Zero Day Initiative, Nov 14, 2023
It’s the penultimate second Tuesday of 2023, and Microsoft and Adobe have released their latest security patches into the crisp, fall air. Take a break from your scheduled activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, you can check it out here:
| CVE | Title | Severity | CVSS | Public | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2023-36033 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | Yes | Yes | EoP |
| CVE-2023-36036 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | EoP |
| CVE-2023-36025 | Windows Smart | | | | | |
Crowdstrike
November Patch Tuesday 2023: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] November Patch Tuesday 2023: Updates and Analysis