本页列出影响 microsoft azure_command-line_interface 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-24049 | Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. | [email protected] | 8.4 | 0.09% | 2025-03-11 | 2025-07-02 |
| CVE-2024-43591 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability | [email protected] | 8.7 | 0.38% | 2024-10-08 | 2025-07-02 |
| CVE-2023-36052 | Azure CLI REST Command Information Disclosure Vulnerability | [email protected] | 8.6 | 0.40% | 2023-11-14 | 2025-07-02 |
| CVE-2022-39327 | Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these | [email protected] | 8.1 | 1.38% | 2022-10-25 | 2024-11-21 |