Microsoft Patches Sensitive Information Disclosure Vulnerability in Azure CLI

November 15, 2023 at 09:57AM Microsoft has released patches and guidance for a high-severity vulnerability in Azure CLI that could expose sensitive information. The bug allowed certain Azure CLI functions to inadvertently expose secrets through CI/CD logs, potentially compromising plaintext passwords and usernames. Microsoft has made changes to Azure CLI commands to address the issue … Read more

Microsoft fixes critical Azure CLI flaw that leaked credentials in logs

November 14, 2023 at 01:46PM Microsoft has addressed a critical security vulnerability in Azure CLI that could allow attackers to steal credentials from GitHub Actions or Azure DevOps logs. The bug, identified as CVE-2023-36052, enables unauthenticated attackers to access plain text contents written by Azure CLI to CI/CD logs. Microsoft advises users to update to … Read more