medium

Privilege escalation and file poisoning in Synapse Analytics

Published Mon, Jun 13th, 2022

Platforms

Summary

Tenable Research discovered a privilege escalation flaw that allows a user to escalate privileges to that of the root user within the context of a Spark VM. They also discovered a separate flaw that allows a user to poison the hosts file on all nodes in their Spark pool, which would allow an attacker to redirect subsets of traffic and snoop on services users generally do not have access to.

Affected Services

Synapse Analytics

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://medium.com/tenable-techblog/microsoft-azure-synapse-pwnalytics-87c99c036291 https://www.tenable.com/security/research/tra-2022-19 https://www.tenable.com/security/research/tra-2022-20

Contributed by https://github.com/mer-b

Entry Status

Finalized

Disclosure Date

Thu, Mar 10th, 2022

Exploitablity Period

Until June 1st, 2022

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Tenable

More vulnerabilities...

medium

GKE Authorized Networks bypass via Cloud Functions or Cloud Run

Executing Cloud Functions or Cloud Run in any project and in any organization allowed bypassing the GKE Authorized Networks (aka Kubernetes control plane firewalls) of a cluster in a different pro...

Peter Collins

Tue, Jun 7th, 2022

low

MWAA logs leak tokens and hostnames

Two API calls used by Amazon Managed Workflows for Apache Airflow (MWAA) to convert AWS IAM credentials into tokens that can be used to login to Airflow (CreateCliToken and CreateWebLoginToken) wer...

Ben Reser, Vibes

Tue, May 31st, 2022

medium

ELB Cache mechanism HTTP header smuggling

While testing rate-limiter protection, The researcher noticed that when forcing HTTP/1 requests and injecting a space after `X-Forwarded-For` he was able to override this specific header, letting ...

Andrea Brancaleoni, Brave

Tue, May 17th, 2022

View all