Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-39327

Published: 25/10/2022 Updated: 27/06/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Azure Command-line Interface

Vulnerability Summary

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft azure_command-line_interface

References

CWE-78https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4https://github.com/Azure/azure-cli/pull/23514https://github.com/Azure/azure-cli/pull/24015https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAPCVE-2024-4367server-side request forgeryinformation disclosureCVE-2024-34342CVE-2024-4281CVE-2024-3507CVE-2024-25560CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook