PT-2022-5031 · Microsoft · Azure Stack Edge, Azure Arc-Enabled Kubernetes

Author: Mo Khan · Published: 2022-10-11 · Updated: 2025-01-02

CVE: CVE-2022-37968
CVSS v3.1: 10.0 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Azure Arc-enabled Kubernetes clusters (affected versions not specified); Azure Stack Edge (affected versions not specified).

Description: The issue stems from access control flaws in the Azure Arc gateway and Azure Stack Edge that could allow an unauthenticated user to elevate their privileges, potentially gaining administrative control over the Kubernetes cluster. The vulnerability can be exploited remotely.

Recommendations: For Azure Arc-enabled Kubernetes clusters, restrict access to the cluster connect feature until a patch is available. For Azure Stack Edge devices, consider disabling the deployment of Kubernetes workloads via Azure Arc as a temporary workaround to reduce the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BDU:2022-06248
CVE-2022-37968

Affected Products

Azure Arc-Enabled Kubernetes
Azure Stack Edge