VDB
GCVE-110-CLOUD-2023-0045
GCVE-110-CLOUD-2023-0045
Advisory Published
Undocumented APIs used by the Azure Function Apps Portal could have allowed an attacker with existing
access to a Reader role on a Function App to escalate their privileges and gain write permissions
through arbitrary file reads on Function App containers. For Windows containers, this would only
grant an attacker the ability to extract ASP.NET encryption keys (the impact of which remains unclear),
but for Linux containers it would have allowed an attacker to read environmental variables containing
information that ultimately granted access to Function master keys. This in turn would have allowed
overwriting Function App code and gaining remote code execution within the container.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Azure | Azure Function Apps | — | — |
| Azure | Cloud Services | — | — |
Browse GCVE Records
72,580 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.