You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Azure: Container Breakout in Azure Cloud Shell and Azure Container Instances
Summary: Azure failed to restrict customers' containers on ACS and ACI from accessing services on the underlying node, allowing for container breakout via the Kubelet API which allowed anonymous access. The researcher could see other customers' containers running on neighboring Kubernetes nodes, but decided to stop and report to MSRC. Though cross-account access wasn't demonstrated, the high bounty (30,000$) indicates MSRC considered the issue to be severe. It should be noted that compromising another customer's Cloud Shell instance is an absolutely devastating attack resulting in a full takeover of the victim's Azure account.
Azure: Container Breakout in Azure Cloud Shell and Azure Container Instances
The text was updated successfully, but these errors were encountered: