
Azure Cloud Shell Command Injection Stealing User’s Access Token

Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. This post describes how I took over an Azure Cloud Shell trusted domain and leveraged it to inject and execute commands in other users’ terminals. Using the executed code, I accessed the Metadata service attached to the terminal and obtained the user’s access token. This access token gives an attacker the Azure permissions of the victim user and enables the attacker to perform operations on the user’s behalf.

The vulnerability was reported to Microsoft, which subsequently fixed the issue.

  • Aug 24, 2022: MSRC confirmed the issue and opened investigation. MSRC awarded a $10,000 bounty.
  • Aug 29, 2022: Microsoft deployed the fix.


Posted by SH
