critical

Synlapse

Published Mon, May 9th, 2022

Platforms

Summary

Azure Synapse Analytics and Azure Data Factory were vulnerable to cross-tenant access and code execution. This was made possible via a combination of (1) a shell injection RCE vulnerability in the integration runtime, (2) credentials for multiple customers stored on a shared host and (3) an insecure management server API.

Affected Services

Synapse Analytics, Data Factory

Remediation

None required

Tracked CVEs

CVE-2022-29972

References

https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/https://msrc-blog.microsoft.com/2022/05/09/vulnerability-mitigated-in-the-third-party-data-connector-used-in-azure-synapse-pipelines-and-azure-data-factory-cve-2022-29972/

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Tue, Jan 4th, 2022

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

8.63

(PI:1.5/A1:22/A2:1/A7:1.1/A8:0.9)

Discovered by

Tzah Pahima, Orca Security

More vulnerabilities...

low

AWS package backfill attack

Two malicious versions were created of packages previously used by AWS. The packages were officially authored and maintained by AWS before they were removed by their legitimate author, and once the...

Mend Diffend

Sun, May 1st, 2022

critical

ExtraReplica

A chain of critical vulnerabilities was discovered in Azure Database for PostgreSQL Flexible Server, allowing unauthorized read access to other customers’ PostgreSQL databases, thus bypassing tenan...

Sagi Tzadik, Nir Ohfeld, Sh...

Thu, Apr 28th, 2022

high

AWS SSM agent local privilege escalation

The Amazon SSM Agent (used for managing EC2 instances via Amazon Systems Manager) created a world-writable sudoers file, which would have allowed local attackers to inject Sudo rules and escalate p...

Matthias Gerstner, SUSE

Wed, Apr 20th, 2022

View all