Azure Arc K8s Cluster Connect Privilege Escalation
CVE-2022-37968 Published on October 11, 2022
Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability
Microsoft has identified a vulnerability in the cluster connect feature of Azure Arc-enabled Kubernetes clusters. It could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Because Azure Stack Edge lets customers deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also affected.
Products Associated with CVE-2022-37968
Affected Versions
Microsoft Azure Arc-enabled Kubernetes cluster 1.8.11:
- Versions from 1.0.0 up to but below 1.8.11 are affected.
- Versions from 1.0.0 up to but below 1.7.18 are affected.
- Versions from 1.0.0 up to but below 1.5.8 are affected.
- Versions from 1.0.0 up to but below 1.6.19 are affected.
- Versions from 2.2.0 up to but below 2.2.2088.5593 are affected.