What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain Cluster Administrator privileges. How do I protect my resources against this vulnerability? Customers must update or upgrade their Azure Kuberenetes Service resource deployments using the following guidance: Upgrade your AKS node image to receive the fix without altering your Kubernetes version. Upgrade your AKS cluster to a newer version which will also bring your node image to the latest version. What additional actions can customers take to help ensure their resources are secure? We highly encourage customers to enable automatic node image upgrades for their Azure Kubernetes Resources to get the latest security releases in the future. General Availability Customers: Automatically upgrade an Azure Kubernetes Service (AKS) cluster - Azure Kubernetes Service | Microsoft Learn CLI command: az aks update --resource-group [myResourceGroup] --name [myAKSCluster] --auto-upgrade-channel node-image Or Preview Customers: Automatically upgrade Azure Kubernetes Service (AKS) cluster node operating system images - Azure Kubernetes Service | Microsoft Learn: CLI command: az aks update --resource-group [myResourceGroup] --name [myAKSCluster] --node-os-upgrade-channel NodeImage According to the CVSS metric, attack complexity is high (AC:H) but integrity is none (I:N) and availability is none (A:N). What does that mean for this vulnerability? The Confidentiality is set to High because an attacker who successfully exploits this vulnerability could access tokens beyond a user’s typical privilege. The exploit results in token disclosure, however it does not affect the Integrity and Availability of the system. Thus, both of these are set as None. According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability? The attack vector is set
Stav Nir