CVE-2023-36052 Report - Details, Severity, & Advisories

Twingate Team

Jul 12, 2024

What is CVE-2023-36052?

CVE-2023-36052 is a high-severity information disclosure vulnerability in Microsoft Azure CLI, specifically in certain commands related to Azure App Service, Azure Function App, and Azure Logic App. It could allow an attacker to recover plaintext passwords and usernames from log files created by the affected CLI commands. Systems running Microsoft Azure CLI versions before 2.53.1 are at risk, including those with log files created through Azure DevOps and/or GitHub Actions.

Who is impacted by this?

You might be affected by CVE-2023-36052 if you use Microsoft Azure CLI with Azure App Service, Azure Function App, or Azure Logic App. The issue impacts Azure CLI versions up to, but not including, 2.53.1. Users who have run certain CLI commands or have log files created through Azure DevOps and GitHub Actions are also at risk. To check whether you're affected, verify your Azure CLI version and the commands you've used.

What to do if CVE-2023-36052 affected you

If you're affected by the CVE-2023-36052 vulnerability, take the following steps to secure your system:

  1. Update Azure CLI to version 2.53.1 or above.

  2. Check log files created by affected CLI commands through Azure DevOps and/or GitHub Actions, and update them if necessary.

  3. Regularly check for updates and patches to maintain system security.
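The version check and log review from the steps above can be scripted. The following is an added example, not code from Twingate or Microsoft: it compares the version reported by `az version` against 2.53.1 and flags log lines that look like unmasked credentials, redacting the value in its own output. The key-name regex, function names and sample inputs are assumptions constructed for illustration.

```python
import json
import re

FIXED = (2, 53, 1)  # first fixed Azure CLI release named in the advisory

# Assumption: credentials show up as key/value pairs whose key name contains one
# of these words. This is a triage heuristic, not the CLI's actual log format.
CRED_RE = re.compile(
    r"(?P<key>[\w.-]*(?:password|passwd|pwd|username)[\w.-]*)"
    r"[\"']?\s*[:=]\s*[\"']?(?P<value>[^\"'\s,;]+)",
    re.IGNORECASE,
)

def parse_version(text):
    """'2.53.0' -> (2, 53, 0), compared numerically so 2.9.0 < 2.53.1."""
    parts = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def cli_is_affected(az_version_json):
    """az_version_json is the JSON printed by `az version`."""
    return parse_version(json.loads(az_version_json)["azure-cli"]) < FIXED

def find_credential_lines(log_text):
    """Return (line number, key, redacted line) for each unmasked credential."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = CRED_RE.search(line)
        # Values the CI system already masked appear as '***'; skip those.
        if not m or set(m.group("value")) <= {"*"}:
            continue
        redacted = line[:m.start("value")] + "<redacted>" + line[m.end("value"):]
        hits.append((lineno, m.group("key"), redacted.strip()))
    return hits

# Constructed sample inputs (not real output or real credentials).
SAMPLE_AZ_VERSION = '{"azure-cli": "2.53.0", "azure-cli-core": "2.53.0"}'
SAMPLE_LOG = """\
2023-11-01T10:00:01Z Deploying build 42 to staging
2023-11-01T10:00:02Z   "DB_PASSWORD": "constructed-Passw0rd!",
2023-11-01T10:00:02Z   "ADMIN_USERNAME": "constructed-admin",
2023-11-01T10:00:03Z   "API_PASSWORD": "***",
2023-11-01T10:00:04Z Deployment finished
"""

if __name__ == "__main__":
    print("affected CLI:", cli_is_affected(SAMPLE_AZ_VERSION))
    for lineno, key, redacted in find_credential_lines(SAMPLE_LOG):
        print(f"line {lineno}: {key}: {redacted}")
```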

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-36052 vulnerability, also known as Azure CLI REST Command Information Disclosure Vulnerability, is not listed in CISA's Known Exploited Vulnerabilities Catalog. It was published on November 14, 2023. There is no specific due date mentioned for addressing this vulnerability.

Weakness Enumeration

This vulnerability is categorized as CWE-359, which involves exposure of private personal information to an unauthorized actor.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
