medium

Azure Cloud Shell terminal escape

Published Wed, Jan 9th, 2019
Platforms

Summary

If attacker controlled data is viewed in Cloudshell it could have led to code execution. This exact same issue was later discovered in AWS as well.

Affected Services

Cloudshell

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Wed, Jan 9th, 2019
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Discovered by
Felix Wilhelm, Google