Description

A series of flaws in Azures service feature created a loophole. This vulnerability could allow users to access other customers information in the platform.

Impact

- Lead to compromise the Kubernetes clusters, thus providing attackers with full control over other Azure customers' containers. - The vulnerability could have allowed users to access other customers information in the service. - Allow any user to download, delete or manipulate a massive collection of commercial databases.

Recommendation

- Change users login credentials. - Rotate privileged credentials on a frequent basis.

Threat

External attacker with access and permissions over the database and service architecture.

Expected Remediation Time

⏱️ 120 minutes.

Requirements

Fixes