Azure Stack Spoofing Vulnerability

2020-02-03T08:00:00
ID MS:CVE-2019-1234
Type mscve
Reporter Microsoft
Modified 2020-02-03T08:00:00

Description

A spoofing vulnerability exists when Azure Stack fails to validate certain requests. An attacker who successfully exploited the vulnerability could make requests to internal Azure Stack resources.

An attacker could exploit the vulnerability by sending a specially crafted request to the Azure Stack user portal.

The update addresses the vulnerability by changing how Azure Stack handles certain requests.