CVE-2024-38108

CVSS 3.1 Score 9.3 of 10 (high)

Details

Published Aug 13, 2024

Updated: Aug 16, 2024

CWE ID 79

Summary

CVE-2024-38108 is a new vulnerability affecting Azure Stack Hub. This issue allows an unauthenticated attacker to spoof identities, potentially gaining unauthorized access to sensitive resources. By manipulating specific headers in a request, an attacker can trick Azure Stack Hub into granting privileges and access that should only be available to authenticated and authorized users. This vulnerability can lead to serious consequences, including data breaches and unauthorized system modifications. Microsoft is urging all Azure Stack Hub users to apply the latest security updates and patches to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wbHgIH
https://www.cve.org/CVERecord?id=CVE-2024-38108
https://nvd.nist.gov/vuln/detail/CVE-2024-38108

Back to Vulnerability Database

CVE-2024-38108

CVSS 3.1 Score 9.3 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations