CVE-2022-37968
Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability
CVSS Score
10.0
EPSS Score
0.0%
EPSS Percentile
0th
Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.
| Vendor | microsoft |
| Product | azure arc-enabled kubernetes cluster 1.8.11 |
| Ecosystems | |
| Industries | TechnologyEnterprise |
| Published | Oct 11, 2022 |
| Last Updated | Jan 2, 2025 |
Stay Ahead of the Next One
Get instant alerts for microsoft azure arc-enabled kubernetes cluster 1.8.11
Be the first to know when new critical vulnerabilities affecting microsoft azure arc-enabled kubernetes cluster 1.8.11 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Microsoft / Azure Arc-enabled Kubernetes cluster 1.8.11
1.0.0 < 1.8.11
Microsoft / Azure Arc-enabled Kubernetes cluster 1.7.18
1.0.0 < 1.7.18
Microsoft / Azure Arc-enabled Kubernetes cluster 1.5.8
1.0.0 < 1.5.8
Microsoft / Azure Arc-enabled Kubernetes cluster 1.6.19
1.0.0 < 1.6.19
Microsoft / Azure Stack Edge
2.2.0 < 2.2.2088.5593