VDB
GCVE-110-CLOUD-2021-0030
GCVE-110-CLOUD-2021-0030
Advisory Published
A vulnerability in the Azure Linux VM extension mechanism allowed an unprivileged
user to leak any Azure VM extension’s private data. An attacker could have abused
this to gain credentials for the VM itself as well as credentials for extensions
associated with the VM. Paired with the design of the VMAccess extension (an official
Azure extension for managing VM credentials), this could have been used to achieve
privilege escalation, as an unprivileged attacker would have been able to elevate themselves
to a higher privileged user by leaking the VMAccess admin password. Additionally, if the VMAccess
password happened to be shared among other Azure VMs, the attacker would have been able to perform
lateral movement to other machines. The root cause of this vulnerability was that the
certificates endpoint used for decrypting extension credentials did not validate transport
certificates, so an attacker could simply issue their own valid transport certificate.
Moreover, although an iptables rule was in place to prevent unprivileged access to this
endpoint, an attacker could bypass it by directing their requests to the Azure IMDS instead,
which happened to be located on the same machine as the certificates endpoint.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Azure | Cloud Services | — | — |
References
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.