CVE-2023-36052

Name of the Vulnerable Software and Affected Versions Azure CLI versions prior to the fixed version

Description The issue is related to a lack of protection for service data in the Azure CLI interface, which can be exploited by a remote attacker to gain access to credentials. The estimated number of potentially affected devices is not specified. There have been reports of this issue being exploited in real-world incidents, but details are not provided. Technical details about exploitation include the potential for information disclosure through REST commands. The username and password variables may be vulnerable, but specific details are not provided. The /api/v1/login endpoint may be affected, but this is not explicitly stated.

Recommendations As a temporary workaround, consider disabling the use of REST commands in the Azure CLI until a patch is available. Restrict access to sensitive credentials to minimize the risk of exploitation. Avoid using the username and password variables in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.