VDB

GCVE-110-CLOUD-2021-0030

GCVE-110-CLOUD-2021-0030
Advisory Published
Vulnetix · Advisory published March 9, 2021
A vulnerability in the Azure Linux VM extension mechanism allowed an unprivileged user to leak any Azure VM extension’s private data. An attacker could have abused this to gain credentials for the VM itself as well as credentials for extensions associated with the VM. Paired with the design of the VMAccess extension (an official Azure extension for managing VM credentials), this could have been used to achieve privilege escalation, as an unprivileged attacker would have been able to elevate themselves to a higher privileged user by leaking the VMAccess admin password. Additionally, if the VMAccess password happened to be shared among other Azure VMs, the attacker would have been able to perform lateral movement to other machines. The root cause of this vulnerability was that the certificates endpoint used for decrypting extension credentials did not validate transport certificates, so an attacker could simply issue their own valid transport certificate. Moreover, although an iptables rule was in place to prevent unprivileged access to this endpoint, an attacker could bypass it by directing their requests to the Azure IMDS instead, which happened to be located on the same machine as the certificates endpoint.

Affected Products

VendorProductVersionsPlatforms
AzureCloud Services

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›