Improper Privilege Management in Azure ms-rest-nodeauth

Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability...

GHSA-QPFW-4M9X-RXX8 Improper Privilege Management in Azure ms-rest-nodeauth

Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability...

CVE-2021-28458

Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability...

Privilege escalation

Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability...

CVE-2021-28458 Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability

...

CVE-2021-28458

CVE-2021-28458 corresponds to an Elevation of Privilege vulnerability in the Azure ms-rest-nodeauth library. The vulnerability affects the @azure/ms-rest-nodeauth component and allows an attacker with local access and user interaction to obtain elevated privileges, with a high impact on confident...

Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability

...

Microsoft Azure ms-rest-nodeauth 权限许可和访问控制问题漏洞

Microsoft Azure ms-rest-nodeauth is an application from Microsoft USA. It provides different node.js-based authentication mechanisms. Microsoft Azure ms-rest-nodeauth has a privilege permission and access control issue vulnerability that stems from an Azure ms-rest-nodeauth library elevation of...

PT-2021-2729 · Microsoft · Ms-Rest-Nodeauth

Name of the Vulnerable Software and Affected Versions: ms-rest-nodeauth library affected versions not specified Description: The issue is related to the implementation of the execAz function in the authentication library for Azure services, which fails to neutralize special elements used in...

Command Injection in azure/ms-rest-nodeauth

✍️ Description the core function execAz which is purposely used for az command can be injected with arbitrary other OS commands. Also the attackers can exploit this vulnerability by calling AzureCliCredentials.setDefaultSubscription"OS command" from the Azure CLI. 🕵️‍♂️ Proof of Concept // PoC.js...