Amir Gombo

Name of the Vulnerable Software and Affected Versions Azure Custom Locations Resource Provider (affected versions not specified) Description Server-side request forgery (ssrf) exists in Azure Custom Locations Resource Provider (RP). This allows an authorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Azure Kubernetes Service (affected versions not specified) **Description** Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. The flaw allows unauthenticated attackers to escalate privileges remotely. The scope of the issue allows attackers to potentially affect resources beyond their initial access, possibly crossing tenant boundaries. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Connected Machine Agent (affected versions not specified) **Description** A stack-based buffer overflow exists in Azure Connected Machine Agent. This allows an authorized attacker to elevate privileges locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.