<p>Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.</p>
References
Link | Resource |
---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37968 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Dec 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) <p>Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.</p> |
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo |
12 Oct 2022, 15:06
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-269 | |
CPE | cpe:2.3:a:microsoft:azure_arc-enabled_kubernetes:1.8.11:*:*:*:*:*:*:* cpe:2.3:a:microsoft:azure_arc-enabled_kubernetes:1.6.19:*:*:*:*:*:*:* cpe:2.3:a:microsoft:azure_stack_edge:-:*:*:*:*:*:*:* cpe:2.3:a:microsoft:azure_arc-enabled_kubernetes:1.7.18:*:*:*:*:*:*:* cpe:2.3:a:microsoft:azure_arc-enabled_kubernetes:1.5.8:*:*:*:*:*:*:* |
|
First Time |
Microsoft azure Stack Edge
Microsoft Microsoft azure Arc-enabled Kubernetes |
|
References | (MISC) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37968 - Patch, Vendor Advisory |
11 Oct 2022, 19:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-11 19:15
Updated : 2023-12-20 20:15
NVD link : CVE-2022-37968
Mitre link : CVE-2022-37968
CVE.ORG link : CVE-2022-37968
JSON object : View
Products Affected
microsoft
- azure_stack_edge
- azure_arc-enabled_kubernetes
CWE