Exploiting a bug in Azure Functions to escape Docker

From securityaffairs.co

Cybersecurity researcher Paul Litvak from Intezer Lab disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited by an attacker to escalate privileges and escape the Docker container that hosts them.

The experts with his colleagues was investigating the Azure compute infrastructure.

“We found a new vulnerability in Azure Functions, which would allow an attacker to escalate privileges and escape the Azure Functions Docker container to the Docker host.” reads the post published by Intezer Lab.

Read more…