VDB

GCVE-110-CLOUD-2023-0009

GCVE-110-CLOUD-2023-0009
Advisory Published
Vulnetix · Advisory published November 16, 2023
A vulnerability in Azure Function Apps allowed extraction of Managed Identity credentials from the encrypted startup context of Linux containers. This gave attackers with container access the ability to persist as the Managed Identity, breaking the intended security model. Microsoft has since patched the issue by encrypting the sensitive payload.

Affected Products

VendorProductVersionsPlatforms
AzureFunctions
AzureAzure Functions, Managed Identities
AzureCloud Services
AzureManaged Identity

References

advisory
advisory

Browse GCVE Records

73,053 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›