VDB

GCVE-110-CLOUD-2023-0045

GCVE-110-CLOUD-2023-0045
Advisory Published
Vulnetix · Advisory published March 23, 2023
Undocumented APIs used by the Azure Function Apps Portal could have allowed an attacker with existing access to a Reader role on a Function App to escalate their privileges and gain write permissions through arbitrary file reads on Function App containers. For Windows containers, this would only grant an attacker the ability to extract ASP.NET encryption keys (the impact of which remains unclear), but for Linux containers it would have allowed an attacker to read environmental variables containing information that ultimately granted access to Function master keys. This in turn would have allowed overwriting Function App code and gaining remote code execution within the container.

Affected Products

VendorProductVersionsPlatforms
AzureAzure Function Apps
AzureCloud Services

References

advisory

Browse GCVE Records

72,580 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›