An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS00N3hjLTlycjItcTdwNM4AAvif

Improper Control of Generation of Code ('Code Injection') in Azure CLI


In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source.

For example: Application X is a web application with a feature that allows users to create Secrets in an Azure KeyVault. Instead of constructing API calls based on user input, Application X uses Azure CLI commands to create the secrets. Application X has input fields presented to the user and the Azure CLI command parameter values are filled based on the user input fields. This input, when formed correctly, could potentially be run as system commands. Below is an example of the resulting Azure CLI command run on the web app's hosting machine.

az keyvault secret set --vault-name SomeVault --name foobar --value "abc123|whoami"

The above command could potentially run the whoami command on the hosting machine.

Interactive, in-terminal use and automation/pipeline scenarios have not been identified as critical risk scenarios.

Code injection prerequisites

The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell **and**when the parameter value contains the & or | symbols. If any of these prerequisites are not met, this vulnerability is not applicable.

1. The command has to be run on Windows

The Azure CLI has an entry script that, when run on Windows, calls cmd.exe to then call Python. This leads into the next prerequisite.

2. The command has to be executed by PowerShell.

PowerShell has input parsing designs that strip out the quotation marks of input with the expectation that it will be taken as a string. When used in a PowerShell environment, the command is input like the above command. However, when it passes through PowerShell into cmd.exe, it looks like the following.

az keyvault secret set --vault-name SomeVault --name foobar --value abc123|whoami

This leads to the 3rd prerequisite as it won’t just try to run any parameter value as a command.

3. The parameter value has to contain a & or | symbols

In cmd.exe, the & and | symbols invoke command execution. When a string containing this symbols is passed directly to cmd.exe, quotes are kept and command execution is invoked. However, When a string is passed into PowerShell, the quotes are stripped and passed into cmd.exe making it open to execution.

So, in the keyvault example above, the abc123 portion of the value will be accepted correctly but the value after the | symbol will be interpreted as a command.


Code injection

As mentioned in the above scenario where the value is being provided by and outside source to run an Azure CLI command, system commands or even scripts could be run on a hosting machine.


Upgrade to Azure CLI 2.40.0 or greater.

As of Azure CLI 2.40.0, a new .ps1 entry script is used as the entry point to call Python rather than cmd.exe. This removes the opportunity for cmd.exe to interpret input as a command invocation. Using this approach has introduced new issues however that you can read about in the "More information" section.

Upgrade to 2.41.0 or greater and manually call the azps.ps1 entry script in identified critical scenarios.

In Azure CLI 2.41.0 we have reverted back to using the cmd.exe entry script as the default while keeping the azps.ps1 entry script for manual Azure CLI calls if users require it.

C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\azps.ps1 keyvault secret set --vault-name SomeVault --name foobar --value "abc123|whoami"

More information

PowerShell Parsing with Azure CLI

PowerShell’s input parsing design has caused regressions and issues in Azure CLI’s behavior resulting in broken scripts and pipelines. Below are the known issues and links to GitHub issues. This should not be taken as a complete list since these are only the reported issues. Users should verify command effectiveness before use in production environments.

  1. PowerShell arrays can't be passed to Azure CLI
  2. Argument passthrough token (--) doesn't work with Azure CLI in PowerShell
  3. Stop parsing token (--%) no longer works with Azure CLI in PowerShell
  4. stdin passing is interrupted for Azure CLI in PowerShell
  5. Azure CLI returns 0 when failing in PowerShell
  6. Azure CLI can no longer be invoked by Start-Process

To avoid these breaking changes, in Azure CLI 2.41.0 we have reverted back to using the cmd.exe entry script as the default while keeping the azps.ps1 entry script for manual Azure CLI calls if users require it.

🗒️ The .ps1 entry script is only required for similarly identified scenarios like the example above. Interactive use and automation scenarios have not been identified as high risk.

If the azps.ps1 script is needed, you can call it like this:

C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\azps.ps1 vm create

If you have any questions or comments about this advisory:

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago

CVSS Score: 8.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-47xc-9rr2-q7p4, CVE-2022-39327
References: Repository:
Blast Radius: 19.6

Affected Packages

Dependent packages: 33
Dependent repositories: 263
Downloads: 6,444,881 last month
Affected Version Ranges: < 2.40.0
Fixed in: 2.40.0
All affected versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19, 2.0.20, 2.0.21, 2.0.22, 2.0.23, 2.0.24, 2.0.25, 2.0.26, 2.0.27, 2.0.28, 2.0.29, 2.0.30, 2.0.31, 2.0.32, 2.0.33, 2.0.34, 2.0.35, 2.0.37, 2.0.38, 2.0.40, 2.0.41, 2.0.42, 2.0.43, 2.0.44, 2.0.45, 2.0.46, 2.0.47, 2.0.48, 2.0.49, 2.0.50, 2.0.51, 2.0.52, 2.0.53, 2.0.54, 2.0.55, 2.0.56, 2.0.57, 2.0.58, 2.0.59, 2.0.60, 2.0.61, 2.0.62, 2.0.63, 2.0.64, 2.0.65, 2.0.66, 2.0.67, 2.0.68, 2.0.69, 2.0.70, 2.0.71, 2.0.72, 2.0.73, 2.0.74, 2.0.75, 2.0.76, 2.0.77, 2.0.78, 2.0.79, 2.0.80, 2.0.81, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.4.0, 2.5.0, 2.5.1, 2.6.0, 2.7.0, 2.8.0, 2.9.0, 2.9.1, 2.10.0, 2.10.1, 2.11.0, 2.11.1, 2.12.0, 2.12.1, 2.13.0, 2.14.0, 2.14.1, 2.14.2, 2.15.0, 2.15.1, 2.16.0, 2.17.0, 2.17.1, 2.18.0, 2.19.0, 2.19.1, 2.20.0, 2.21.0, 2.22.0, 2.22.1, 2.23.0, 2.24.0, 2.24.1, 2.24.2, 2.25.0, 2.26.0, 2.26.1, 2.27.0, 2.27.1, 2.27.2, 2.28.0, 2.28.1, 2.29.0, 2.29.1, 2.29.2, 2.30.0, 2.31.0, 2.32.0, 2.33.0, 2.33.1, 2.34.0, 2.34.1, 2.35.0, 2.36.0, 2.37.0, 2.38.0, 2.39.0
All unaffected versions: 2.40.0, 2.41.0, 2.42.0, 2.43.0, 2.44.0, 2.44.1, 2.45.0, 2.46.0, 2.47.0, 2.48.0, 2.48.1, 2.49.0, 2.50.0, 2.51.0, 2.52.0, 2.53.0, 2.53.1, 2.54.0, 2.55.0, 2.56.0, 2.57.0, 2.58.0, 2.59.0, 2.60.0, 2.61.0, 2.62.0