Mitigation for Azure Storage SDK Client-Side Encryption Padding Oracle Vulnerability

  • Thread starter Thread starter MSRC
  • Start date Start date
M

MSRC

Summary Google informed Microsoft under Coordinated Vulnerability Disclosure (CVD) of a padding oracle vulnerability that may affect customers using Azure Storage SDK (for Python, .NET, Java) client-side encryption (CVE-2022-30187). To mitigate this vulnerability, we released a new General Availability (GA) version of the Azure Storage SDK client-side encryption feature (v2) on July 12, 2022.

Continue reading...
 
Back
Top