VDB

GCVE-110-CLOUD-2022-0014

GCVE-110-CLOUD-2022-0014
Advisory Published
Vulnetix · Advisory published September 20, 2022
An issue in Azure Cloud Shell could have allowed an attacker to take over an Azure App Service domain and leverage it to inject and execute commands in other tenants' terminals if they navigated to the domain while logged into their account. Using this method, an attacker could query the Azure IMDS on other tenants' behalf and thereby obtain their access tokens.

Affected Products

VendorProductVersionsPlatforms
AzureCloud Shell
AzureCloud Services
AzureApp Service

References

advisory

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›