Microsoft Azure Setup Kubectl
By the Year
In 2024 there have been 0 vulnerabilities in Microsoft Azure Setup Kubectl . Last year Azure Setup Kubectl had 1 security vulnerability published. Right now, Azure Setup Kubectl is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Azure Setup Kubectl vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Azure Setup Kubectl Security Vulnerabilities
Azure/setup-kubectl is a GitHub Action for installing Kubectl
CVE-2023-23939
7 - High
- March 06, 2023
Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This Kubectl tool installer runs `fs.chmodSync(kubectlPath, 777)` to set permissions on the Kubectl binary, however, this allows any local user to replace the Kubectl binary. This allows privilege escalation to the user that can also run kubectl, most likely root. This attack is only possible if an attacker somehow breached the GitHub actions runner or if a user is utilizing an Action that maliciously executes this attack. This has been fixed and released in all versions `v3` and later. 775 permissions are used instead. Users are advised to upgrade. There are no known workarounds for this issue.
Incorrect Permission Assignment for Critical Resource
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Azure Setup Kubectl or by Microsoft? Click the Watch button to subscribe.
