Lucene search
+L

5 matches found

CVE
CVE
added 2021/11/24 1:5 a.m.96 views

CVE-2021-42306

CVE-2021-42306 describes an information-disclosure vulnerability in Azure AD where private key data uploaded as part of a certificate in the keyCredential of an Application or Service Principal could be read by an entity with application read access in the tenant. The root cause is the handling o...

8.1CVSS6.7AI score0.03082EPSS
Exploits0References1Affected Software4
MSRC
MSRC
added 2021/11/17 8:2 p.m.39 views

Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs

Microsoft recently mitigated an information disclosure issue, CVE-2021-42306, to prevent private key data from being stored by some Azure services in the keyCredentials property of an Azure Active Directory Azure AD Application and/or Service Principal, and prevent reading of private key data...

4CVSS5.9AI score0.03082EPSS
Exploits0
MSRC
MSRC
added 2021/11/17 8:0 a.m.30 views

Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs

Microsoft recently mitigated an information disclosure issue, CVE-2021-42306, to prevent private key data from being stored by some Azure services in the keyCredentialsproperty of an Azure Active Directory Azure AD Applicationand/or Service Principal, and prevent reading of private key data...

8.1CVSS6.5AI score0.03082EPSS
Exploits0
MSRC
MSRC
added 2021/11/17 8:0 a.m.54 views

Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs

Microsoft recently mitigated an information disclosure issue, CVE-2021-42306, to prevent private key data from being stored by some Azure services in the keyCredentialsproperty of an Azure Active Directory Azure AD Applicationand/or Service Principal, and prevent reading of private key data...

4CVSS2.5AI score0.03082EPSS
Exploits0
Circl
Circl
added 2021/11/17 7:0 a.m.22 views

CVE-2021-42306

creationtimestamp| type| source ---|---|--- 2021-11-17 07:00:00+00:00| seen| https://msrc.microsoft.com/blog/2021/11/guidance-for-azure-active-directory-ad-keycredential-property-information-disclosure-in-application-and-service-principal-apis/ 2021-11-18 13:13:22+00:00| published-proof-of-concep...

8.1CVSS6.8AI score0.03082EPSS
Exploits0References3
Rows per page
Query Builder