Summary
If attacker controlled data is viewed in Cloudshell it could have led to
code execution. This exact same issue existed in Azure previously.
Affected Services
Cloudshell
Remediation
None required
Tracked CVEs
No tracked CVEs
References
https://bugs.chromium.org/p/project-zero/issues/detail?id=2154https://twitter.com/_fel1x/status/1391712232380194818
Contributed by https://github.com/0xdabbad00
Entry Status
Finalized
Disclosure Date
Mon, Feb 8th, 2021
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Felix Wilhelm, Google
