title: Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service
slug: synapse-spark-lpe-jan2024
cves: null
affectedPlatforms:
- Azure
affectedServices:
- Synapse Analytics
image: https://raw.githubusercontent.com/wiz-sec/open-cvdb/main/images/[slug].jpg
severity: Medium
discoveredBy:
name: Jimi Sebree
org: Tenable
domain: https://www.tenable.com/
twitter: @dinobytes
disclosedAt: 2024/03/07
exploitabilityPeriod: September 2023 - January 2024
knownITWExploitation: false
summary: |
Tenable Research discovered a privilege escalation flaw that allows a user to escalate privileges to that
of the root user within the context of a Spark VM. This escalation was achieved because of a permissions issue with scripts utilized by the Vegas Caching service present in the environment.
manualRemediation: |
None required
detectionMethods: null
contributer: https://github.com/dinobytes
references:
- https://www.tenable.com/security/research/tra-2024-06