Severity
High
Analysis Summary
CVE-2023-38155 CVSS: 7.0
Microsoft Azure DevOps Server and Team Foundation Server could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2023-29332 CVSS: 7.5
Microsoft Azure Kubernetes Service could allow a remote attacker to gain elevated privileges on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2023-38156 CVSS: 7.2
Microsoft Azure HDInsight could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Apache Ambari component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to obtain domain administrator privileges.
CVE-2023-33136 CVSS: 8.8
Microsoft Azure DevOps Server could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Privilege Escalation
- Code Execution
Indicators Of Compromise
CVE
- CVE-2023-38155
- CVE-2023-29332
- CVE-2023-38156
- CVE-2023-33136
Affected Vendors
Microsoft
Affected Products
- Microsoft Azure DevOps Server 2022
- Microsoft Azure Kubernetes Service
- Microsoft Azure HDInsights
- Microsoft Azure DevOps Server
- Microsoft Azure DevOps
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.