CVE-2024-28917
MEDIUMAzure Arc Extensions - Cluster-Scope Elevation of Privilege via Improper Access Control
Title source: llmDescription
Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28917
Scores
CVSS v3
6.2
EPSS
0.0089
EPSS Percentile
54.8%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (7)
microsoft/azure_arc_extension_microsoft.azstackhci.operator
1.0.0 - 5.0.5
microsoft/azure_arc_extension_microsoft.azure.hybridnetwork
1.0.0 - 1.0.2620-162
microsoft/azure_arc_extension_microsoft.azurekeyvaultsecretsprovider
1.0.0 - 1.5.2
microsoft/azure_arc_extension_microsoft.iotoperations.mq
< 0.3.0-preview
microsoft/azure_arc_extension_microsoft.networkfabricserviceextension
1.0.0 - 5.1.3
microsoft/azure_arc_extension_microsoft.openservicemesh
1.0.0 - 1.2.6
microsoft/azure_arc_extension_microsoft.videoindexer
1.0.0 - 1.1.2
Published
Apr 09, 2024
Tracked Since
Feb 18, 2026