PT-2021-2279 · Microsoft · Azure Virtual Machine+5
Paul Litvak +1 · Published 2021-03-09 · Updated 2023-12-29 · CVE-2021-27075
CVSS v3.1: 6.8 (Medium)
Vector: AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Azure Virtual Machine versions (affected versions not specified)
Azure Container Instance versions (affected versions not specified)
Azure Service Fabric versions (affected versions not specified)
Azure Kubernetes Service versions (affected versions not specified)
Azure Container Registry versions (affected versions not specified)
Azure Spring Cloud versions (affected versions not specified)
Description
The issue stems from a lack of protection for service data, which a remote attacker can exploit to gain unauthorized access to protected information, leading to information disclosure. The source also mentions a Linux Azure VM Plugin System vulnerability that can lead to privilege escalation.
Recommendations
For Azure Virtual Machine, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Azure Container Instance, consider restricting access to sensitive data until a patch is available.
For Azure Service Fabric, as a temporary workaround, consider disabling any vulnerable plugins or modules until a fix is released.
For Azure Kubernetes Service, restrict access to the vulnerable API endpoints until the issue is resolved.
For Azure Container Registry, avoid using sensitive parameters in the affected API endpoints until the issue is fixed.
For Azure Spring Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Affected Products
Azure Container Instance
Azure Container Registry
Azure Kubernetes Service
Azure Service Fabric
Azure Spring Cloud
Azure Virtual Machine