Security News > 2023 > November > Microsoft fixes critical Azure CLI flaw that leaked credentials in logs

Microsoft fixes critical Azure CLI flaw that leaked credentials in logs
2023-11-14 18:43

Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI. The vulnerability was reported by security researchers with Palo Alto's Prisma Cloud.

"Customers using the affected CLI commands must update their Azure CLI version to 2.53.1 or above to be protected against the risks of this vulnerability. This also applies to customers with log files created by using these commands through Azure DevOps and/or GitHub Actions."

Microsoft says that customers who recently used Azure CLI commands were notified through the Azure Portal.

Avoid exposing Azure CLI output in logs and/or publicly accessible locations: If developing a script that requires the output value, filter out the property needed for the script.

Microsoft has implemented a new Azure CLI default configuration to bolster security measures, aiming to prevent accidental disclosure of sensitive information.

The new default will roll out to customers who have updated to the latest Azure CLI version, while prior versions are still vulnerable to exploitation.


News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-critical-azure-cli-flaw-that-leaked-credentials-in-logs/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2820 161 4400