Command Injection in azure/ms-rest-nodeauth
Valid
Reported on
Mar 9th 2021
✍️ Description
the core function execAz() which is purposely used for az command can be injected with arbitrary other OS commands. Also the attackers can exploit this vulnerability by calling AzureCliCredentials.setDefaultSubscription("OS command") from the Azure CLI.
🕵️♂️ Proof of Concept
// PoC.js
auth = require('@azure/ms-rest-nodeauth');
auth.AzureCliCredentials.setDefaultSubscription('$(touch pzhou@shu)');
then the illegal file pzhou@shu can be created.
💥 Impact
This vulnerability is capable of executing arbitrary OS commands injected by the Azure CLI users or the network users in case some developers use the Azure CLI as a proxy or middleware.
Occurrences
to join this conversation