CVE-2022-39327 (GCVE-0-2022-39327)

Vulnerability from cvelistv5 – Published: 2022-10-25 00:00 – Updated: 2025-04-22 17:17

Title

Improper Control of Generation of Code ('Code Injection') in Azure CLI

Summary

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/Azure/azure-cli/security/advis…
	https://github.com/Azure/azure-cli/pull/23514
	https://github.com/Azure/azure-cli/pull/24015

Impacted products

	Vendor	Product	Version
	Azure	azure-cli	Affected: < 2.40.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:44.150Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/Azure/azure-cli/pull/23514"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/Azure/azure-cli/pull/24015"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39327",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:40:50.784619Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T17:17:26.636Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "azure-cli",
          "vendor": "Azure",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.40.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `\u0026` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-25T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4"
        },
        {
          "url": "https://github.com/Azure/azure-cli/pull/23514"
        },
        {
          "url": "https://github.com/Azure/azure-cli/pull/24015"
        }
      ],
      "source": {
        "advisory": "GHSA-47xc-9rr2-q7p4",
        "discovery": "UNKNOWN"
      },
      "title": "Improper Control of Generation of Code (\u0027Code Injection\u0027) in Azure CLI"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-39327",
    "datePublished": "2022-10-25T00:00:00.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-04-22T17:17:26.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/Azure/azure-cli/pull/23514\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/Azure/azure-cli/pull/24015\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:00:44.150Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-39327\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-22T15:40:50.784619Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-22T15:40:53.125Z\"}}], \"cna\": {\"title\": \"Improper Control of Generation of Code (\u0027Code Injection\u0027) in Azure CLI\", \"source\": {\"advisory\": \"GHSA-47xc-9rr2-q7p4\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Azure\", \"product\": \"azure-cli\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.40.0\"}]}], \"references\": [{\"url\": \"https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4\"}, {\"url\": \"https://github.com/Azure/azure-cli/pull/23514\"}, {\"url\": \"https://github.com/Azure/azure-cli/pull/24015\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `\u0026` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2022-10-25T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-39327\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-22T17:17:26.636Z\", \"dateReserved\": \"2022-09-02T00:00:00.000Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2022-10-25T00:00:00.000Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2022-AVI-972

Vulnerability from certfr_avis - Published: 2022-10-31 - Updated: 2022-10-31

Une vulnérabilité a été découverte dans Azure CLI. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Azure	Azure CLI versions antérieures à 2.40.0

References

Title

Publication Time

Tags

Bulletin de sécurité Azure CVE-2022-39327 du 24 octobre 2022	None	vendor-advisory
Bulletin de sécurité Azure CVE-2022-39327 du 24 octobre 2022	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Azure CLI versions ant\u00e9rieures \u00e0 2.40.0",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-39327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39327"
    }
  ],
  "initial_release_date": "2022-10-31T00:00:00",
  "last_revision_date": "2022-10-31T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Azure CVE-2022-39327 du 24 octobre 2022",
      "url": "https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4"
    }
  ],
  "reference": "CERTFR-2022-AVI-972",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Azure CLI. Elle permet \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Azure CLI",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Azure CVE-2022-39327 du 24 octobre 2022",
      "url": null
    }
  ]
}

CERTFR-2022-AVI-1014

Vulnerability from certfr_avis - Published: 2022-11-09 - Updated: 2022-11-09

De multiples vulnérabilités ont été corrigées dans Microsoft Azure. Elles permettent à un attaquant de provoquer une exécution de code à distance, une élévation de privilèges, un contournement de la fonctionnalité de sécurité, une atteinte à la confidentialité des données et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Azure	Azure EFLOW
Microsoft	Azure	Azure CycleCloud 7
Microsoft	Azure	Azure RTOS GUIX Studio
Microsoft	Azure	Windows Server 2022 Datacenter: Azure Edition (Hotpatch)
Microsoft	Azure	Azure CycleCloud 8
Microsoft	Azure	Azure CLI

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 08 novembre 2022	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-41045 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41090 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-37992 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41057 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41058 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41047 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41055 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41054 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41039 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41051 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41053 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41097 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41085 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41073 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41125 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-38014 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41056 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41100 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-39327 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41088 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41086 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41049 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-38015 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41048 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41050 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41102 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41098 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41114 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41092 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41101 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41093 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41109 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41113 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41091 du 08 novembre 2022	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Azure EFLOW",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 7",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure RTOS GUIX Studio",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 Datacenter: Azure Edition (Hotpatch)",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CLI",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-38014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38014"
    },
    {
      "name": "CVE-2022-41039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41039"
    },
    {
      "name": "CVE-2022-41086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41086"
    },
    {
      "name": "CVE-2022-41056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41056"
    },
    {
      "name": "CVE-2022-41045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41045"
    },
    {
      "name": "CVE-2022-41057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41057"
    },
    {
      "name": "CVE-2022-41058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41058"
    },
    {
      "name": "CVE-2022-41054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41054"
    },
    {
      "name": "CVE-2022-41053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41053"
    },
    {
      "name": "CVE-2022-41109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41109"
    },
    {
      "name": "CVE-2022-41048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41048"
    },
    {
      "name": "CVE-2022-41090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41090"
    },
    {
      "name": "CVE-2022-41085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41085"
    },
    {
      "name": "CVE-2022-41049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41049"
    },
    {
      "name": "CVE-2022-41091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41091"
    },
    {
      "name": "CVE-2022-41051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41051"
    },
    {
      "name": "CVE-2022-41113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41113"
    },
    {
      "name": "CVE-2022-41102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41102"
    },
    {
      "name": "CVE-2022-41098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41098"
    },
    {
      "name": "CVE-2022-41101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41101"
    },
    {
      "name": "CVE-2022-41092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41092"
    },
    {
      "name": "CVE-2022-41073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41073"
    },
    {
      "name": "CVE-2022-41050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41050"
    },
    {
      "name": "CVE-2022-39327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39327"
    },
    {
      "name": "CVE-2022-41047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41047"
    },
    {
      "name": "CVE-2022-38015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38015"
    },
    {
      "name": "CVE-2022-41100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41100"
    },
    {
      "name": "CVE-2022-41125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41125"
    },
    {
      "name": "CVE-2022-37992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37992"
    },
    {
      "name": "CVE-2022-41114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41114"
    },
    {
      "name": "CVE-2022-41088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41088"
    },
    {
      "name": "CVE-2022-41055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41055"
    },
    {
      "name": "CVE-2022-41097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41097"
    },
    {
      "name": "CVE-2022-41093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41093"
    }
  ],
  "initial_release_date": "2022-11-09T00:00:00",
  "last_revision_date": "2022-11-09T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41045 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41045"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41090 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41090"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-37992 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37992"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41057 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41057"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41058 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41058"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41047 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41047"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41055 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41055"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41054 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41054"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41039 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41039"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41051 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41051"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41053 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41053"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41097 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41097"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41085 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41085"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41073 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41073"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41125 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41125"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-38014 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38014"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41056 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41056"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41100 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41100"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-39327 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-39327"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41088 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41088"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41086 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41086"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41049 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41049"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-38015 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38015"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41048 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41048"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41050 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41050"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41102 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41102"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41098 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41098"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41114 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41114"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41092 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41092"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41101 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41101"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41093 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41093"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41109 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41109"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41113 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41113"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41091 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41091"
    }
  ],
  "reference": "CERTFR-2022-AVI-1014",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Azure\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code \u00e0 distance, une \u00e9l\u00e9vation de\nprivil\u00e8ges, un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

FKIE_CVE-2022-39327

Vulnerability from fkie_nvd - Published: 2022-10-25 17:15 - Updated: 2024-11-21 07:18

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/Azure/azure-cli/pull/23514	Exploit, Patch, Third Party Advisory
security-advisories@github.com	https://github.com/Azure/azure-cli/pull/24015	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4	Exploit, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Azure/azure-cli/pull/23514	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Azure/azure-cli/pull/24015	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4	Exploit, Mitigation, Third Party Advisory

Impacted products

	Vendor	Product	Version
	microsoft	azure_command-line_interface	*
	microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:azure_command-line_interface:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17BE6608-54D3-48A3-BEC8-ED0AB52D9F89",
              "versionEndExcluding": "2.40.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `\u0026` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability."
    },
    {
      "lang": "es",
      "value": "Azure CLI es la interfaz de l\u00ednea de comandos para Microsoft Azure. En las versiones anteriores a 2.40.0, Azure CLI contiene una vulnerabilidad por posible inyecci\u00f3n de c\u00f3digo. Los escenarios cr\u00edticos son cuando una m\u00e1quina de alojamiento ejecuta un comando de Azure CLI donde los valores de los par\u00e1metros han sido proporcionados por una fuente externa. La vulnerabilidad s\u00f3lo es aplicable cuando el comando Azure CLI es ejecutado en una m\u00e1quina Windows y con cualquier versi\u00f3n de PowerShell y cuando el valor del par\u00e1metro contiene los s\u00edmbolos \"\u0026amp;\" o \"|\". Si no es cumplido alguno de estos requisitos previos, esta vulnerabilidad no es aplicable. Los usuarios deben actualizar a la versi\u00f3n 2.40.0 o superior para recibir una mitigaci\u00f3n de la vulnerabilidad"
    }
  ],
  "id": "CVE-2022-39327",
  "lastModified": "2024-11-21T07:18:02.780",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-10-25T17:15:56.150",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Azure/azure-cli/pull/23514"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Azure/azure-cli/pull/24015"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Azure/azure-cli/pull/23514"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Azure/azure-cli/pull/24015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2022-39327

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-39327

Aliases

CVE-2022-39327

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-39327",
    "description": "Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `\u0026` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability.",
    "id": "GSD-2022-39327",
    "references": [
      "https://www.suse.com/security/cve/CVE-2022-39327.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-39327"
      ],
      "details": "Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `\u0026` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability.",
      "id": "GSD-2022-39327",
      "modified": "2023-12-13T01:19:20.837833Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-39327",
        "STATE": "PUBLIC",
        "TITLE": "Improper Control of Generation of Code (\u0027Code Injection\u0027) in Azure CLI"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "azure-cli",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 2.40.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Azure"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `\u0026` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4",
            "refsource": "CONFIRM",
            "url": "https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4"
          },
          {
            "name": "https://github.com/Azure/azure-cli/pull/23514",
            "refsource": "MISC",
            "url": "https://github.com/Azure/azure-cli/pull/23514"
          },
          {
            "name": "https://github.com/Azure/azure-cli/pull/24015",
            "refsource": "MISC",
            "url": "https://github.com/Azure/azure-cli/pull/24015"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-47xc-9rr2-q7p4",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c2.40.0",
          "affected_versions": "All versions before 2.40.0",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2022-10-25",
          "description": "Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `\u0026` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability.",
          "fixed_versions": [
            "2.40.0"
          ],
          "identifier": "CVE-2022-39327",
          "identifiers": [
            "GHSA-47xc-9rr2-q7p4",
            "CVE-2022-39327"
          ],
          "not_impacted": "All versions starting from 2.40.0",
          "package_slug": "pypi/azure-cli",
          "pubdate": "2022-10-25",
          "solution": "Upgrade to version 2.40.0 or above.",
          "title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "urls": [
            "https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-39327",
            "https://github.com/Azure/azure-cli/pull/23514",
            "https://github.com/Azure/azure-cli/pull/24015",
            "https://github.com/advisories/GHSA-47xc-9rr2-q7p4"
          ],
          "uuid": "77e11907-930c-4ebb-a29d-7b06aa95a15f"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:azure_command-line_interface:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.40.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-39327"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `\u0026` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Mitigation",
                "Third Party Advisory"
              ],
              "url": "https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4"
            },
            {
              "name": "https://github.com/Azure/azure-cli/pull/23514",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/Azure/azure-cli/pull/23514"
            },
            {
              "name": "https://github.com/Azure/azure-cli/pull/24015",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/Azure/azure-cli/pull/24015"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-06-27T17:20Z",
      "publishedDate": "2022-10-25T17:15Z"
    }
  }
}

PYSEC-2022-43177

Vulnerability from pysec - Published: 2022-10-25 17:15 - Updated: 2025-04-09 17:27

Details

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the & or | symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impacted products

Name	purl
azure-cli	pkg:pypi/azure-cli

Aliases

CVE-2022-39327

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "azure-cli",
        "purl": "pkg:pypi/azure-cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.40.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.1.0b10",
        "0.1.0b11",
        "0.1.0b4",
        "0.1.0b7",
        "0.1.0b8",
        "0.1.0b9",
        "0.1.1b1",
        "0.1.1b2",
        "0.1.1b3",
        "0.1.2rc1",
        "0.1.2rc2",
        "2.0.0",
        "2.0.1",
        "2.0.10",
        "2.0.12",
        "2.0.13",
        "2.0.14",
        "2.0.15",
        "2.0.16",
        "2.0.17",
        "2.0.18",
        "2.0.19",
        "2.0.2",
        "2.0.20",
        "2.0.21",
        "2.0.22",
        "2.0.23",
        "2.0.24",
        "2.0.25",
        "2.0.26",
        "2.0.27",
        "2.0.28",
        "2.0.29",
        "2.0.3",
        "2.0.30",
        "2.0.31",
        "2.0.32",
        "2.0.33",
        "2.0.34",
        "2.0.35",
        "2.0.37",
        "2.0.38",
        "2.0.4",
        "2.0.40",
        "2.0.41",
        "2.0.42",
        "2.0.43",
        "2.0.44",
        "2.0.45",
        "2.0.46",
        "2.0.47",
        "2.0.48",
        "2.0.49",
        "2.0.5",
        "2.0.50",
        "2.0.51",
        "2.0.52",
        "2.0.53",
        "2.0.54",
        "2.0.55",
        "2.0.56",
        "2.0.57",
        "2.0.58",
        "2.0.59",
        "2.0.6",
        "2.0.60",
        "2.0.61",
        "2.0.62",
        "2.0.63",
        "2.0.64",
        "2.0.65",
        "2.0.66",
        "2.0.67",
        "2.0.68",
        "2.0.69",
        "2.0.7",
        "2.0.70",
        "2.0.71",
        "2.0.72",
        "2.0.73",
        "2.0.74",
        "2.0.75",
        "2.0.76",
        "2.0.77",
        "2.0.78",
        "2.0.79",
        "2.0.8",
        "2.0.80",
        "2.0.81",
        "2.0.9",
        "2.1.0",
        "2.10.0",
        "2.10.1",
        "2.11.0",
        "2.11.1",
        "2.12.0",
        "2.12.1",
        "2.13.0",
        "2.14.0",
        "2.14.1",
        "2.14.2",
        "2.15.0",
        "2.15.1",
        "2.16.0",
        "2.17.0",
        "2.17.1",
        "2.18.0",
        "2.19.0",
        "2.19.1",
        "2.2.0",
        "2.20.0",
        "2.21.0",
        "2.22.0",
        "2.22.1",
        "2.23.0",
        "2.24.0",
        "2.24.1",
        "2.24.2",
        "2.25.0",
        "2.26.0",
        "2.26.1",
        "2.27.0",
        "2.27.1",
        "2.27.2",
        "2.28.0",
        "2.28.1",
        "2.29.0",
        "2.29.1",
        "2.29.2",
        "2.3.0",
        "2.3.1",
        "2.30.0",
        "2.31.0",
        "2.32.0",
        "2.33.0",
        "2.33.1",
        "2.34.0",
        "2.34.1",
        "2.35.0",
        "2.36.0",
        "2.37.0",
        "2.38.0",
        "2.39.0",
        "2.4.0",
        "2.5.0",
        "2.5.1",
        "2.6.0",
        "2.7.0",
        "2.8.0",
        "2.9.0",
        "2.9.1"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39327"
  ],
  "details": "Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `\u0026` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability.",
  "id": "PYSEC-2022-43177",
  "modified": "2025-04-09T17:27:24.642962+00:00",
  "published": "2022-10-25T17:15:56+00:00",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4"
    },
    {
      "type": "EVIDENCE",
      "url": "https://github.com/Azure/azure-cli/pull/23514"
    },
    {
      "type": "EVIDENCE",
      "url": "https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4"
    },
    {
      "type": "FIX",
      "url": "https://github.com/Azure/azure-cli/pull/23514"
    },
    {
      "type": "FIX",
      "url": "https://github.com/Azure/azure-cli/pull/24015"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Azure/azure-cli/pull/23514"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Azure/azure-cli/pull/24015"
    }
  ],
  "related": [
    "GHSA-47xc-9rr2-q7p4",
    "GHSA-47xc-9rr2-q7p4"
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2022-39327

Vulnerability from fstec - Published: 08.11.2022

Title

Уязвимость интерфейса командной строки (CLI) платформы Microsoft Azure, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость интерфейса командной строки (CLI) платформы Microsoft Azure связана с неверным управлением генерацией кода. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Microsoft Corp

Software Name

Azure CLI

Software Version

до 2.40.0 (Azure CLI)

Possible Mitigations

Использование рекомендаций: https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-39327

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-39327 https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4 https://github.com/Azure/azure-cli/pull/24015 https://github.com/Azure/azure-cli/pull/23514

CWE

CWE-94

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 2.40.0 (Azure CLI)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-39327",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.11.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.12.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.12.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-07463",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-39327",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Azure CLI",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows - ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 (CLI) \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Microsoft Azure, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0435\u0439 \u043a\u043e\u0434\u0430 (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u043a\u043e\u0434\u0430) (CWE-94)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 (CLI) \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Microsoft Azure \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0435\u0439 \u043a\u043e\u0434\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u043c\u0430 \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u0442\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435, \u0435\u0441\u043b\u0438 \u043a\u043e\u043c\u0430\u043d\u0434\u0430 Azure CLI \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u043d\u0430 \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0435 \u0441 Windows \u0438 \u0441 \u043b\u044e\u0431\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0435\u0439 PowerShell \u0438, \u043a\u043e\u0433\u0434\u0430 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u0441\u0438\u043c\u0432\u043e\u043b\u044b \u0026 \u0438\u043b\u0438 |. \u0415\u0441\u043b\u0438 \u043a\u0430\u043a\u043e\u0435-\u043b\u0438\u0431\u043e \u0438\u0437 \u044d\u0442\u0438\u0445 \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u0439 \u043d\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u043e, \u044d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0435\u043f\u0440\u0438\u043c\u0435\u043d\u0438\u043c\u0430.",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-39327\nhttps://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4\nhttps://github.com/Azure/azure-cli/pull/24015\nhttps://github.com/Azure/azure-cli/pull/23514",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-94",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

GHSA-47XC-9RR2-Q7P4

Vulnerability from github – Published: 2022-10-25 19:56 – Updated: 2025-04-09 19:59

Summary

Improper Control of Generation of Code ('Code Injection') in Azure CLI

Details

Description

In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source.

For example: Application X is a web application with a feature that allows users to create Secrets in an Azure KeyVault. Instead of constructing API calls based on user input, Application X uses Azure CLI commands to create the secrets. Application X has input fields presented to the user and the Azure CLI command parameter values are filled based on the user input fields. This input, when formed correctly, could potentially be run as system commands. Below is an example of the resulting Azure CLI command run on the web app's hosting machine.

az keyvault secret set --vault-name SomeVault --name foobar --value "abc123|whoami"

The above command could potentially run the whoami command on the hosting machine.

Interactive, in-terminal use and automation/pipeline scenarios have not been identified as critical risk scenarios.

Code injection prerequisites

The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell andwhen the parameter value contains the & or | symbols. If any of these prerequisites are not met, this vulnerability is not applicable.

1. The command has to be run on Windows

The Azure CLI has an entry script that, when run on Windows, calls cmd.exe to then call Python. This leads into the next prerequisite.

2. The command has to be executed by PowerShell.

PowerShell has input parsing designs that strip out the quotation marks of input with the expectation that it will be taken as a string. When used in a PowerShell environment, the command is input like the above command. However, when it passes through PowerShell into cmd.exe, it looks like the following.

az keyvault secret set --vault-name SomeVault --name foobar --value abc123|whoami

This leads to the 3rd prerequisite as it won’t just try to run any parameter value as a command.

3. The parameter value has to contain a `&` or `|` symbols

In cmd.exe, the & and | symbols invoke command execution. When a string containing this symbols is passed directly to cmd.exe, quotes are kept and command execution is invoked. However, When a string is passed into PowerShell, the quotes are stripped and passed into cmd.exe making it open to execution.

So, in the keyvault example above, the abc123 portion of the value will be accepted correctly but the value after the | symbol will be interpreted as a command.

Impact

Code injection

As mentioned in the above scenario where the value is being provided by and outside source to run an Azure CLI command, system commands or even scripts could be run on a hosting machine.

Patches

Upgrade to Azure CLI 2.40.0 or greater.

As of Azure CLI 2.40.0, a new .ps1 entry script is used as the entry point to call Python rather than cmd.exe. This removes the opportunity for cmd.exe to interpret input as a command invocation. Using this approach has introduced new issues however that you can read about in the "More information" section.

Upgrade to 2.41.0 or greater and manually call the azps.ps1 entry script in identified critical scenarios.

In Azure CLI 2.41.0 we have reverted back to using the cmd.exe entry script as the default while keeping the azps.ps1 entry script for manual Azure CLI calls if users require it.

C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\azps.ps1 keyvault secret set --vault-name SomeVault --name foobar --value "abc123|whoami"

More information

PowerShell Parsing with Azure CLI

PowerShell’s input parsing design has caused regressions and issues in Azure CLI’s behavior resulting in broken scripts and pipelines. Below are the known issues and links to GitHub issues. This should not be taken as a complete list since these are only the reported issues. Users should verify command effectiveness before use in production environments.

To avoid these breaking changes, in Azure CLI 2.41.0 we have reverted back to using the cmd.exe entry script as the default while keeping the azps.ps1 entry script for manual Azure CLI calls if users require it.

🗒️ The .ps1 entry script is only required for similarly identified scenarios like the example above. Interactive use and automation scenarios have not been identified as high risk.

If the azps.ps1 script is needed, you can call it like this:

C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\azps.ps1 vm create

If you have any questions or comments about this advisory: * Open an issue in Azure CLI GitHub repo * Email us at AzPyCLI@microsoft.com

Severity ?

8.1 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "azure-cli"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.40.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39327"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78",
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-10-25T19:56:51Z",
    "nvd_published_at": "2022-10-25T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "# Description\n\nIn versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. \n\nFor example: Application X is a web application with a feature that allows users to create Secrets in an Azure KeyVault. Instead of constructing API calls based on user input, Application X uses Azure CLI commands to create the secrets. Application X has input fields presented to the user and the Azure CLI command parameter values are filled based on the user input fields. This input, when formed correctly, could potentially be run as system commands. Below is an example of the resulting Azure CLI command run on the web app\u0027s hosting machine. \n\n```bash\naz keyvault secret set --vault-name SomeVault --name foobar --value \"abc123|whoami\"\n```\n\nThe above command could potentially run the `whoami` command on the hosting machine.\n\nInteractive, in-terminal use and automation/pipeline scenarios have not been identified as critical risk scenarios.\n\n## Code injection prerequisites\n\nThe vulnerability is only applicable when the Azure CLI command is run on a Windows machine **_and_** with any version of PowerShell **_and_**when the parameter value contains the `\u0026` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable.\n\n### 1. The command has to be run on Windows\n\nThe Azure CLI has an entry script that, when run on Windows, calls cmd.exe to then call Python. This leads into the next prerequisite.\n\n### 2. The command has to be executed by PowerShell.\n\nPowerShell has input parsing designs that strip out the quotation marks of input with the expectation that it will be taken as a string. When used in a PowerShell environment, the command is input like the above command. However, when it passes through PowerShell into cmd.exe, it looks like the following. \n\n```powershell\naz keyvault secret set --vault-name SomeVault --name foobar --value abc123|whoami\n```\n\nThis leads to the 3rd prerequisite as it won\u2019t just try to run any parameter value as a command. \n\n### 3. The parameter value has to contain a `\u0026` or `|` symbols\n\nIn cmd.exe, the `\u0026` and `|` symbols invoke command execution. When a string containing this symbols is passed directly to cmd.exe, quotes are kept and command execution is invoked. However, When a string is passed into PowerShell, the quotes are stripped and passed into cmd.exe making it open to execution.\n\nSo, in the `keyvault` example above, the `abc123` portion of the value will be accepted correctly but the value after the `|` symbol will be interpreted as a command. \n\n# Impact\n\n## Code injection\n\nAs mentioned in the above scenario where the value is being provided by and outside source to run an Azure CLI command, system commands or even scripts could be run on a hosting machine. \n\n# Patches\n\nUpgrade to Azure CLI 2.40.0 or greater. \n\nAs of Azure CLI 2.40.0, a new .ps1 entry script is used as the entry point to call Python rather than cmd.exe. This removes the opportunity for cmd.exe to interpret input as a command invocation. Using this approach has introduced new issues however that you can read about in the \"More information\" section.\n\nUpgrade to 2.41.0 or greater and manually call the azps.ps1 entry script in identified critical scenarios.\n\nIn Azure CLI 2.41.0 we have [reverted back](https://github.com/Azure/azure-cli/pull/24015) to using the cmd.exe entry script as the default while keeping the azps.ps1 entry script for manual Azure CLI calls if users require it.\n\n```powershell\nC:\\Program Files (x86)\\Microsoft SDKs\\Azure\\CLI2\\wbin\\azps.ps1 keyvault secret set --vault-name SomeVault --name foobar --value \"abc123|whoami\"\n```\n\n## More information\n\n### PowerShell Parsing with Azure CLI\n\nPowerShell\u2019s input parsing design has caused regressions and issues in Azure CLI\u2019s behavior resulting in broken scripts and pipelines.  Below are the known issues and links to GitHub issues. This should not be taken as a complete list since these are **_only the reported_** issues. Users should verify command effectiveness before use in production environments.\n\n1. [PowerShell arrays can\u0027t be passed to Azure CLI](https://github.com/Azure/azure-cli/issues/23797)\n2. [Argument passthrough token (`--`) doesn\u0027t work with Azure CLI in PowerShell](https://github.com/Azure/azure-cli/issues/24034)\n3. [Stop parsing token (`--%`) no longer works with Azure CLI in PowerShell](https://github.com/Azure/azure-cli/issues/24114)\n4. [stdin passing is interrupted for Azure CLI in PowerShell](https://github.com/Azure/azure-cli/issues/2388)\n5. [Azure CLI returns 0 when failing in PowerShell](https://github.com/Azure/azure-cli/issues/23880)\n6. [Azure CLI can no longer be invoked by `Start-Process`](https://github.com/Azure/azure-cli/pull/24015)\n\nTo avoid these breaking changes, in Azure CLI 2.41.0 we have [reverted back](https://github.com/Azure/azure-cli/pull/24015) to using the cmd.exe entry script as the default while keeping the azps.ps1 entry script for manual Azure CLI calls if users require it.\n\n\u003e \ud83d\uddd2\ufe0f The .ps1 entry script is only required for similarly identified scenarios like the example above. Interactive use and automation scenarios have not been identified as high risk.\n\nIf the azps.ps1 script is needed, you can call it like this: \n\n```powershell\nC:\\Program Files (x86)\\Microsoft SDKs\\Azure\\CLI2\\wbin\\azps.ps1 vm create\n```\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [Azure CLI GitHub repo](https://github.com/Azure/azure-cli)\n* Email us at [AzPyCLI@microsoft.com](mailto:AzPyCLI@microsoft.com)",
  "id": "GHSA-47xc-9rr2-q7p4",
  "modified": "2025-04-09T19:59:25Z",
  "published": "2022-10-25T19:56:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39327"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Azure/azure-cli/pull/23514"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Azure/azure-cli/pull/24015"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Azure/azure-cli"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/azure-cli/PYSEC-2022-43177.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Control of Generation of Code (\u0027Code Injection\u0027) in Azure CLI"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-39327 (GCVE-0-2022-39327)

CERTFR-2022-AVI-972

Solution

CERTFR-2022-AVI-1014

Solution

FKIE_CVE-2022-39327

GSD-2022-39327

PYSEC-2022-43177

CVE-2022-39327

GHSA-47XC-9RR2-Q7P4

Description

Code injection prerequisites

1. The command has to be run on Windows

2. The command has to be executed by PowerShell.

3. The parameter value has to contain a & or | symbols

Impact

Code injection

Patches

More information

PowerShell Parsing with Azure CLI

Tags

Sightings

Nomenclature

3. The parameter value has to contain a `&` or `|` symbols