5 matches found
CVE-2024-49052
CVE-2024-49052 is a Microsoft Azure PolicyWatch elevation-of-privilege vulnerability described as missing authentication for a critical function, enabling a network-based attacker to raise privileges without user interaction. Connected sources corroborate a network-exposed, high-severity issue (C...
CVE-2025-33074
The CVE-2025-33074 entry describes an improper verification of cryptographic signatures in Microsoft Azure Functions, enabling an authenticated attacker to execute code over a network. Several connected sources corroborate the issue across vendors and regions (NVD/NVDC, Red Hat, CNVD, MSRC, PT Se...
CVE-2024-38204
CVE-2024-38204 is an improper access control vulnerability affecting Microsoft Imagine Cup (site). Connected sources confirm an authorized attacker could elevate privileges over a network due to insufficient access control. Microsoft’s MSRC entry and other feeds link this CVE to Microsoft Azure F...
CVE-2020-16904
CVE-2020-16904 affects Azure Functions where access keys are not validated correctly for HTTP Functions, allowing an unauthenticated attacker to invoke the function without proper authorization. The vulnerability is an elevation of privilege issue tied to HTTP Functions’ access key validation. Mi...
CVE-2026-21532
CVE-2026-21532 relates to an information disclosure vulnerability in Azure Function. Multiple connected sources (Red Hat, ENISA EUVD, CIRCL, NVD, CVE listing, PT Security) identify it as Azure Function Information Disclosure Vulnerability with high impact to confidentiality (CVSS v3.1: 8.2, AV:N,...