ZDI-23-1588: Microsoft Azure US Accelarators Synapse SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability

Nov. 6, 2023, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to bypass authentication on Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8.

attackers authentication authentication bypass azure bypass bypass vulnerability cvss exploit microsoft microsoft azure permission rating sas synapse token vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-483: Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 19 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +20

ZDI-24-482: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability 2 days, 19 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-481: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability 2 days, 19 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-480: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability 2 days, 19 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-479: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability 2 days, 19 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-478: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability 2 days, 19 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +18

ZDI-24-477: Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability 2 days, 19 hours ago | www.zerodayinitiative.com

acrobat acrobat reader adobe adobe acrobat +20

ZDI-24-476: (Pwn2Own) QNAP TS-464 HLS_tmp Directory Traversal Arbitrary File Creation Vulnerability 2 days, 19 hours ago | www.zerodayinitiative.com

arbitrary code attackers authentication code +14

ZDI-24-475: (Pwn2Own) QNAP TS-464 File Upload Directory Traversal Arbitrary File Creation Vulnerability 2 days, 19 hours ago | www.zerodayinitiative.com

arbitrary files attackers authentication cve +16

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Incident Response Lead(IR)

@ Blue Yonder | Hyderabad

View on infosec-jobs.com

Comcast Cybersecurity: Privacy Operations Executive Director

@ Comcast | PA - Philadelphia, 1701 John F Kennedy Blvd

View on infosec-jobs.com

all InfoSec news

ZDI-23-1588: Microsoft Azure US Accelarators Synapse SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability

More from www.zerodayinitiative.com / ZDI: Published Advisories

Jobs in InfoSec / Cybersecurity

Sr. Product Manager

Information Security Engineers

Technology Security Analyst

Senior Cyber Security Analyst

Incident Response Lead(IR)

Comcast Cybersecurity: Privacy Operations Executive Director