MSRC_CVE-2022-35798
Vulnerability from csaf_microsoft - Published: 2022-07-12 07:00 - Updated: 2022-07-21 07:00
Summary
Azure Arc Jumpstart Information Disclosure Vulnerability
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action
Required. The vulnerability documented by this CVE requires customer action to resolve.
{
"document": {
"acknowledgments": [
{
"names": [
"\u003ca href=\"https://https/\"\u003eJimi Sebree\u003c/a\u003e with \u003ca href=\"https://tenable.com/\"\u003eTenable\u003c/a\u003e"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2022-35798 Azure Arc Jumpstart Information Disclosure Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35798"
},
{
"category": "self",
"summary": "CVE-2022-35798 Azure Arc Jumpstart Information Disclosure Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2022/msrc_cve-2022-35798.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Azure Arc Jumpstart Information Disclosure Vulnerability",
"tracking": {
"current_release_date": "2022-07-21T07:00:00.000Z",
"generator": {
"date": "2025-07-08T15:35:54.238Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2022-35798",
"initial_release_date": "2022-07-12T07:00:00.000Z",
"revision_history": [
{
"date": "2022-07-21T07:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.0",
"product": {
"name": "Azure Arc Jumpstart \u003c2.0",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "Azure Arc Jumpstart 2.0",
"product_id": "12067"
}
}
],
"category": "product_name",
"name": "Azure Arc Jumpstart"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-35798",
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "An information disclosure vulnerability exists in Azure Arc Jumpstart that could allow an authenticated user to view certain credentials and other sensitive information contained in a log file.\nThe client virtual machine is protected behind a secured Azure virtual network (VNET) without access from the internet. A potential attacker would first have to compromise the VNET to have network access to the Azure client virtual machine (Azure Arc Jumpstart-Client). There is only one provisioned user on the client virtual machine, and this user\u2019s credentials are protected by a username and password provided by the end-user at deployment time. There are no other \u201clow level\u201d users that have login access to the virtual machine. The only user credential with access to the VM is the one created and supplied by the original Azure Arc Jumpstart end-user. A potential attacker would first need to gain access to a user\u2019s login credentials and only then open a remote desktop session (RDP) into the virtual machine.\nThe type of information that could be disclosed is information stored in the logs, which could include credentials as well as other sensitive information for the system.\nThe primary use-case for Azure Arc Jumpstart is to provide an automated training and demo environment intended to be used in sandbox Azure subscriptions. ArcBox does not disclose any personal information or sensitive customer data. In the context of the disclosed vulnerability, no customer data were compromised.\nThe Azure Arc Jumpstart service principal credential secret has been removed from the log output of the custom script extension and this fix is now live for all Jumpstart scenarios. If you are an existing user, Microsoft recommends rolling your service principal credential secret. If you are new to Azure Arc Jumpstart, there are no actions necessary.\nThe removal of the service principal credential secret from the log was completed on 5/26/2022.\nPlease see Announcing Jumpstart ArcBox 2.0 for more information.",
"title": "What is the nature of this vulnerability?"
},
{
"category": "faq",
"text": "The attacker would already need to be logged into the target Azure Arc Jumpstart client virtual machine to be able to discover the information.",
"title": "According to the CVSS metric, the attack vector is local (AV:L). What does this mean for this vulnerability?"
},
{
"category": "faq",
"text": "Successfully exploiting this vulnerability allows an attacker to get access to the information stored in the logs. The disclosed information is scoped to the specific system and does not provide the attacker with any additional privileges.",
"title": "According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L)? What does that mean for this vulnerability?"
},
{
"category": "faq",
"text": "The attacker would have to be present on the Azure Arc Jumpstart virtual machine as a regular user to be able to exploit this vulnerability.",
"title": "According to the CVSS metric, privileges required is low (PR:L). What privileges are required?"
}
],
"product_status": {
"fixed": [
"12067"
],
"known_affected": [
"1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-35798 Azure Arc Jumpstart Information Disclosure Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35798"
},
{
"category": "self",
"summary": "CVE-2022-35798 Azure Arc Jumpstart Information Disclosure Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2022/msrc_cve-2022-35798.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2022-07-21T07:00:00.000Z",
"details": "2.0:Security Update:https://techcommunity.microsoft.com/t5/azure-arc-blog/announcing-jumpstart-arcbox-2-0/ba-p/3025679",
"product_ids": [
"1"
],
"url": "https://techcommunity.microsoft.com/t5/azure-arc-blog/announcing-jumpstart-arcbox-2-0/ba-p/3025679"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Information Disclosure"
},
{
"category": "exploit_status",
"details": "Publicly Disclosed:No;Exploited:No"
}
],
"title": "Azure Arc Jumpstart Information Disclosure Vulnerability"
}
]
}