#Security Vulnerability

**How could an attacker exploit this vulnerability?** An attacker with basic user permissions can send specially crafted requests to modify the configuration of an Azure CycleCloud cluster to gain Root level permissions enabling them to execute commands on any Azure CycleCloud cluster in the current instance and in some scenarios, compromise administrator credentials.

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**How could an attacker exploit this vulnerability?** An attacker with the administrator role of "azure\_pg\_admin" in the target environment could exploit this vulnerability to gain the same privileges as a SuperUser by sending a specially crafted request to an Azure Database for PostgreSQL Flexible Server with specific non-default functionality enabled.

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploits this vulnerability would gain the same privileges as the SuperUser role.

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.80 11/07/2024 130.0.6723.117

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.80 11/07/2024 130.0.6723.117

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.68 10/31/2024 130.0.6723.91/.92

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.68 10/31/2024 130.0.6723.91/.92

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**