CVE-2024-29990
published 2024-04-09

CVE-2024-29990: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Priority: P2 (64) · Severity: critical · CVSS 3.1 base score: 9
Vector: AV:N / AC:H / PR:N / UI:N / S:C / C:H / I:H / A:H
EPSS: 18.01% (96.8th percentile)

Affected (3 ranges)

Vendor    | Product                                              | Version range      | Fixed in
microsoft | azure_kubernetes_service                             | >= 1.0.0, < 0.3.4  | 0.3.4
microsoft | azure_kubernetes_service_confidential_containers     | < 0.3.4            | 0.3.4
msrc      | azure_kubernetes_service_confidential_containers     | (not stated)       | (not stated)

Detection & IOCs (extracted from sources)

  • An unauthenticated attacker can move the same workload onto a machine they control, where the attacker is root, targeting the untrusted AKS Kubernetes node and AKS Confidential Container in order to take over confidential guests and containers beyond the network stack they might be bound to.
  • Monitor for az confcom extension versions prior to 0.3.3 in use within AKS Confidential Container environments, as these are vulnerable to privilege escalation.
  • Alert on credential theft activity originating from AKS Confidential Container workloads, as successful exploitation allows an attacker to steal credentials and affect resources beyond the AKSCC security scope.
  • Attack complexity is high (AC:H) because the attacker must prepare the target environment to improve exploit reliability before exploitation can succeed.
  • No authentication is required (PR:N); an unauthenticated attacker can move the workload to a machine they control where they are root, bypassing typical authentication controls.
  • The vulnerability has a scope change impact (S:C), meaning exploitation can affect resources outside the immediate AKS Confidential Container security boundary.
  • Customers must ensure they are running the latest version of both az confcom and the Kata Image to be protected; the vulnerable component version threshold is az confcom < 0.3.3.

CVSS provenance

NVD (v3.1): 9.0 CRITICAL · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vendor (MSRC): 9.0 CRITICAL