Azure CLI Leaks Credentials in GitHub Actions Logs
Published Tue, Nov 14th, 2023
Platforms
Summary
Azure CLI commands were found to leak sensitive information, including credentials, through GitHub Actions logs. The vulnerability affects multiple Azure CLI commands and could expose secrets in public and private repositories. Microsoft has issued updates to Azure CLI, Azure Pipelines, and GitHub Actions to address the issue.
Affected Services
Azure CLI
Remediation
Update Azure CLI to version 2.54 or later. Use Key Vault to store secrets. Avoid echoing sensitive output in CI/CD logs. Use JMESPath queries or redirect output when using Azure CLI commands.
Review GitHub Actions and Azure Pipelines logs for exposed secrets or credentials. Scan repositories for Azure CLI commands that may output sensitive data. Monitor for unauthorized access attempts using exposed credentials.
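One way to carry out the repository scan described above, as an added example that is not part of the original advisory or Microsoft's tooling. It flags Azure CLI calls whose output is neither filtered with a JMESPath --query, discarded with --output none, nor redirected; the subcommand list and the sample workflow are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Heuristic scan of CI scripts for Azure CLI calls whose stdout reaches the job log.
# Assumption: this subcommand list is illustrative and not taken from the advisory.
RISKY='az +(webapp|functionapp) +config +appsettings +(set|list|delete)|az +storage +account +keys +list|az +ad +sp +create-for-rbac'
# Output counts as handled when it is discarded, filtered with --query, or redirected.
# "[^2]>" ignores a bare stderr redirect (2>), which leaves stdout in the log.
SAFE='(--output|-o)[ =]+none|--query[ =]|[^2]>'

# Reads a workflow or script on stdin, prints "<first line number>: <command>".
# Real use: scan_az_output < path/to/workflow.yml
scan_az_output() {
  awk -v risky="$RISKY" -v safe="$SAFE" '
    {
      if (buf == "") start = NR            # remember where a command begins
      line = $0
      # Join backslash-continued lines so flags on later lines are seen.
      if (sub(/\\[ \t]*$/, "", line)) { buf = buf line " "; next }
      cmd = buf line; buf = ""
      if (cmd ~ risky && cmd !~ safe) {
        gsub(/[ \t]+/, " ", cmd); sub(/^ /, "", cmd)
        print start ": " cmd
      }
    }'
}

# Constructed sample workflow: lines 2 and 5 print their result to the log.
sample_workflow() {
  cat <<'EOF'
steps:
  - run: az webapp config appsettings set -g rg -n app --settings KEY=value
  - run: az webapp config appsettings set -g rg -n app --settings KEY=value --output none
  - run: |
      az functionapp config appsettings list \
        -g rg -n fn
      az storage account keys list -g rg -n acct --query "[0].keyName"
      az ad sp create-for-rbac --name ci > /dev/null
EOF
}

sample_workflow | scan_az_output
```

A hit means only that the command's output is unhandled; whether that output contains a secret still needs review, and a --query that selects a secret field passes this check.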