CVE-2024-21400

CWE-22 — Path Traversal9 documents5 sources

Severity

9.0CRITICAL

EPSS

1.6%

top 18.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Azure Kubernetes Service Microsoft Confidental Containers

Timeline

PublishedMar 12

Latest updateFeb 25

Description

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5microsoft/azure_kubernetes_service1.0.0 — 0.3.3

▶NVDmicrosoft/confidental_containers< 0.3.3

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

linux-aws-5.4 linux-raspi-5.4 vulnerabilities↗2025-02-25

▶

OSV

linux-aws vulnerabilities↗2025-02-12

▶

OSV

linux-azure, linux-azure-5.4 vulnerabilities↗2025-02-04

▶

OSV

linux-hwe-5.4 vulnerabilities↗2025-01-30

▶

OSV

linux, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi vulnerabilities↗2025-01-28

▶

📋Vendor Advisories

Microsoft

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability↗2024-03-12

▶