CVE-2023-36052: Azure CLI REST Command Information Disclosure Vulnerability
First published: Tue Nov 14 2023(Updated: )
Azure CLI REST Command Information Disclosure Vulnerability
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft az staticwebapp appsettings set | ||
| Microsoft az logicapp config appsettings set | ||
| Microsoft az functionapp config appsettings set | ||
| Microsoft az webapp config appsettings set | ||
| Microsoft az staticwebapp appsettings delete | ||
| Microsoft az functionapp config appsettings delete | ||
| Microsoft az logicapp config appsettings delete | ||
| Microsoft az webapp config appsettings delete | ||
| Microsoft Azure CLI | <2.53.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-36052?
CVE-2023-36052 is a vulnerability that allows for information disclosure in the Azure CLI REST Command.
How severe is CVE-2023-36052?
CVE-2023-36052 has a severity rating of 8.6, which is considered critical.
Which software is affected by CVE-2023-36052?
The following software is affected by CVE-2023-36052: az logicapp config appsettings set, az logicapp config appsettings delete, az functionapp config appsettings set, az staticwebapp appsettings delete, az webapp config appsettings set, az functionapp config appsettings delete, az staticwebapp appsettings set, az webapp config appsettings delete.
How can I fix CVE-2023-36052?
To fix CVE-2023-36052, you should update the Azure CLI by following the instructions provided by Microsoft.
Where can I find more information about CVE-2023-36052?
You can find more information about CVE-2023-36052 at the following reference link: [CVE-2023-36052](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36052).
- collector/msrc
- agent/type
- agent/first-publish-date
- source/Microsoft
- collector/msrc-cve
- agent/software-canonical-lookup
- agent/references
- agent/severity
- agent/author
- agent/title
- agent/remedy
- agent/description
- agent/event
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- agent/trending
- vendor/microsoft
- canonical/microsoft az staticwebapp appsettings set
- canonical/microsoft az logicapp config appsettings set
- canonical/microsoft az functionapp config appsettings set
- canonical/microsoft az webapp config appsettings set
- canonical/microsoft az staticwebapp appsettings delete
- canonical/microsoft az functionapp config appsettings delete
- canonical/microsoft az logicapp config appsettings delete
- canonical/microsoft az webapp config appsettings delete
- canonical/microsoft azure cli