Yuval Avrahami

**Name of the Vulnerable Software and Affected Versions** Microsoft ACI Confidential Containers (affected versions not specified) **Description** A privilege escalation issue exists in Microsoft Azure Confidential Computing containers. This allows for unauthorized access and control within the container environment. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Compute Gallery (affected versions not specified) **Description** A permissive regular expression within Azure Compute Gallery can allow an authorized attacker to elevate privileges locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Compute Gallery (affected versions not specified) Microsoft ACI Confidential Containers (affected versions not specified) **Description** A command injection issue exists in Azure Compute Gallery that could allow a locally authorized attacker to elevate privileges. The issue stems from improper neutralization of special elements used in a command. A related issue in Microsoft ACI Confidential Containers involves a failure to sanitize data at the management level, potentially allowing an attacker to elevate privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Azure Kubernetes Service Confidential Container (affected versions not specified) **Description** The issue is related to a lack of access control in the deployment and management of confidential containers in Azure Kubernetes Service, which can be exploited by a remote attacker to elevate their privileges. This could potentially allow unauthenticated attackers to gain full control of Azure Kubernetes clusters, including stealing credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Azure Kubernetes Service (affected versions not specified) **Description** The issue is related to insufficient access controls in the deployment and management of confidential containers in Azure Kubernetes Service. Exploitation of this issue may allow a remote attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Azure Kubernetes Service Confidential Containers (affected versions not specified) **Description** The issue is related to insufficient input validation in the deployment and management software of Azure Kubernetes Service Confidential Containers. This can be exploited by a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Azure Kubernetes Service Confidential Container (affected versions not specified) **Description** The issue is related to insufficient access controls in the deployment and management of confidential containers in Microsoft Azure Kubernetes Service. It may allow a remote attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kubernetes (affected versions not specified) **Description** A bug in the Kubernetes API server allows bypassing validation of node proxying addresses. This could enable an attacker to send authenticated requests to the API server's private network, potentially granting access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. The issue is related to the node proxying feature, which allows clients to access Kubelet endpoints, establish connections to Pods, and retrieve container logs. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Calico versions 3.22.1 and below Calico Enterprise versions 3.12.0 and below **Description** The issue is related to insufficient validation in the floating IP feature, which may allow a privileged attacker to set a floating IP annotation to a pod even if the feature is not enabled. This could enable the attacker to intercept and reroute traffic to their compromised pod. **Recommendations** For Calico versions 3.22.1 and below, consider disabling the floating IP feature until a patch is available. For Calico Enterprise versions 3.12.0 and below, restrict access to the floating IP annotation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Kubernetes versions 1.1.0 through 1.16.10 Kubernetes versions 1.17.0 through 1.17.6 Kubernetes versions 1.18.0 through 1.18.3 **Description** A security issue in the Kubelet and kube-proxy components allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. This means that services thought to be reachable only by other processes on the same host could be accessed by other hosts on the same LAN or by containers on the same node. For instance, a TCP service running on a node and listening on 127.0.0.1:1234 could be potentially reachable by other hosts or containers, posing a risk if the service does not require additional authentication. IPv6-only services on localhost are not affected by this issue. **Recommendations** For versions 1.1.0 through 1.16.10, update to a version outside of this range to mitigate the risk. For versions 1.17.0 through 1.17.6, update to a version outside of this range to mitigate the risk. For versions 1.18.0 through 1.18.3, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider implementing additional authentication for services bound to 127.0.0.1 to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** QEMU versions >= v5.0 **Description** A potential denial of service flaw was found in the virtio-fs shared file system daemon implementation. This issue occurs when a guest opens the maximum number of file descriptors under the shared directory, allowing a guest user or process to cause a denial of service on the host. Virtio-fs is designed to share a host file system directory with a guest via a virtio-fs device. **Recommendations** For QEMU versions >= v5.0, consider restricting the number of file descriptors that can be opened by a guest under the shared directory to prevent a denial of service. As a temporary workaround, limiting the access to the shared directory or implementing resource limits for guest users/processes may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cloud Foundry UAA versions prior to 73.4.0 **Description** The issue allows a malicious client with the `clients.write` authority or scope to bypass restrictions and create clients with arbitrary scopes that the creator does not possess. This can lead to privilege escalation. **Recommendations** For Cloud Foundry UAA versions prior to 73.4.0, update to version 73.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the `clients.write` authority or scope to minimize the risk of exploitation. Restrict access to client creation via `clients.write` to prevent malicious clients from bypassing restrictions.

**Name of the Vulnerable Software and Affected Versions** Cloud Foundry UAA versions prior to 73.3.0 **Description** The issue concerns improper escaping in certain endpoints, allowing an authenticated malicious user with basic read privileges for one identity zone to extend those privileges to all other identity zones. This enables the malicious user to obtain private information on users, clients, and groups in all other identity zones. **Recommendations** For versions prior to 73.3.0, update to version 73.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable endpoints to minimize the risk of exploitation. Additionally, limit the privileges of users with basic read access to prevent them from extending their access to other identity zones.