VDB

GCVE-110-CLOUD-2024-0037

GCVE-110-CLOUD-2024-0037
Advisory Published
Vulnetix · Advisory published May 16, 2024
A Microsoft employee accidentally published credentials via a git commit to a public repository. These credentials granted privileged access to an internal Azure Container Registry (ACR) used by Azure, which reportedly held container images utilized by multiple Azure projects, including Azure IoT Edge, Akri, and Apollo. The privileged access could have allowed an attacker to download private images as well as upload new images and (most importantly) overwrite existing ones. In theory, an attacker could have leveraged the latter to implement a supply chain attack against these Azure projects and their users. However, it is currently unknown precisely which images this ACR contained or how they were used, so the effective impact of this issue remains undetermined.

Affected Products

VendorProductVersionsPlatforms
AzureContainer Registry
AzureAzure IoT Edge, Akri, Apollo
AzureCloud Services

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›