Microsoft Azure Automation vulnerabilities

CVE-2025-29827 [CRITICAL] CWE-285 CVE-2025-29827: Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.

CVE-2024-21330 [HIGH] CWE-122 CVE-2024-21330: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

CVE-2021-42306 [HIGH] CWE-522 CVE-2021-42306: An information disclosure vulnerability manifests when a user or an application uploads unprotected An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private

CVE-2019-0962 [MEDIUM] CVE-2019-0962: An elevation of privilege vulnerability exists in Azure Automation "RunAs account" runbooks for user An elevation of privilege vulnerability exists in Azure Automation "RunAs account" runbooks for users with contributor role, aka 'Azure Automation Elevation of Privilege Vulnerability'.