Palo Alto discovered and reported a Microsoft Azure Command Line Interface (CLI) enabling unauthenticated attackers to remotely access plain text content written by Azure CLI to Continuous Integration and Continuous Deployment (CI/CD) logs. As Microsoft's statement, the vulnerability impacts customers using Azure CLI commands through Azure DevOps and/or GitHub Actions. The risk is a potential unauthorized disclosure of sensitive information, including usernames and credentials, via log files. Microsoft recommends upgrading to the Azure CLI version 2.54.
- Clipeus
Comments