Security
Headlines
HeadlinesLatestCVEs

Headline

Researchers Detail Severe "Super FabriXss" Vulnerability in Microsoft Azure SFX

Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code execution. Tracked as CVE-2023-23383 (CVSS score: 8.2), the issue has been dubbed “Super FabriXss” by Orca Security, a nod to the FabriXss flaw (CVE-2022-35829, CVSS score: 6.2) that was fixed by Microsoft in October 2022. "The Super FabriXss vulnerability

The Hacker News
#xss#vulnerability#web#microsoft#git#rce#perl#auth#The Hacker News

Cloud Security / Vulnerability

Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code execution.

Tracked as CVE-2023-23383 (CVSS score: 8.2), the issue has been dubbed “Super FabriXss” by Orca Security, a nod to the FabriXss flaw (CVE-2022-35829, CVSS score: 6.2) that was fixed by Microsoft in October 2022.

“The Super FabriXss vulnerability enables remote attackers to leverage an XSS vulnerability to achieve remote code execution on a container hosted on a Service Fabric node without the need for authentication,” security researcher Lidor Ben Shitrit said in a report shared with The Hacker News.

XSS refers to a kind of client-side code injection attack that makes it possible to upload malicious scripts into otherwise trusted websites. The scripts then get executed every time a victim visits the compromised website, thereby leading to unintended consequences.

While both FabriXss and Super FabriXss are XSS flaws, Super FabriXss has more severe implications in that it could be weaponized to execute code and potentially gain control of susceptible systems.

Super FabriXss, which resides in the “Events” tab associated with each node in the cluster from the user interface, is also a reflected XSS flaw, meaning the script is embedded into a link, and is only triggered when the link is clicked.

“This attack takes advantage of the Cluster Type Toggle options under the Events Tab in the Service Fabric platform that allows an attacker to overwrite an existing Compose deployment by triggering an upgrade with a specially crafted URL from XSS Vulnerability,” Ben Shitrit explained.

“By taking control of a legitimate application in this way, the attacker can then use it as a platform to launch further attacks or gain access to sensitive data or resources.”

The flaw, according to Orca, impacts Azure Service Fabric Explorer version 9.1.1436.9590 or earlier. It has since been addressed by Microsoft as part of its March 2023 Patch Tuesday update, with the tech giant describing it as a spoofing vulnerability.

“The vulnerability is in the web client, but the malicious scripts executed in the victim’s browser translate into actions executed in the (remote) cluster,” Microsoft noted in its advisory. “A victim user would have to click the stored XSS payload injected by the attacker to be compromised.”

THN WEBINAR

Become an Incident Response Pro!

Unlock the secrets to bulletproof incident response – Master the 6-Phase process with Asaf Perlman, Cynet’s IR Leader!

Don’t Miss Out – Save Your Seat!

The disclosure comes as NetSPI revealed a privilege escalation flaw in Azure Function Apps, enabling users with “read only” permissions to access sensitive information and gain command execution.

It also follows the discovery of a misconfiguration in Azure Active Directory that exposed a number of applications to unauthorized access, including a content management system (CMS) that powers Bing.com.

Cloud security firm Wiz, which codenamed the attack BingBang, said it could be weaponized to alter search results in Bing, and worse, even perform XSS attacks on its users.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

Super FabriXss: an RCE vulnerability in Azure Service Fabric Explorer

Categories: Exploits and vulnerabilities Categories: News Tags: Azure Tags: Microsoft Tags: Super FabriXss Tags: RCE Tags: vulnerability Tags: CVE-2023-23383 Researchers disclosed how they found a remote code execution vulnerability in Azure Service Fabric Explorer. (Read more...) The post Super FabriXss: an RCE vulnerability in Azure Service Fabric Explorer appeared first on Malwarebytes Labs.

Microsoft Fixes New Azure AD Vulnerability Impacting Bing Search and Major Apps

Microsoft has patched a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed several "high-impact" applications to unauthorized access. "One of these apps is a content management system (CMS) that powers Bing.com and allowed us to not only modify search results, but also launch high-impact XSS attacks on Bing users," cloud security

Microsoft Patches 'Dangerous' RCE Flaw in Azure Cloud Service

The vulnerability would have allowed an unauthenticated attacker to execute code on a container hosted on one of the platform's nodes.

CVE-2023-23383

Service Fabric Explorer Spoofing Vulnerability

CVE-2023-23383: Service Fabric Explorer Spoofing Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** The vulnerability is in the web client, but the malicious scripts executed in the victim’s browser translate into actions executed in the (remote) cluster.

Researchers Detail Azure SFX Flaw That Could've Allowed Attackers to Gain Admin Access

Cybersecurity researchers have shared more details about a now-patched security flaw in Azure Service Fabric Explorer (SFX) that could potentially enable an attacker to gain administrator privileges on the cluster. The vulnerability, tracked as CVE-2022-35829, carries a CVSS severity rating of 6.2 and was addressed by Microsoft as part of its Patch Tuesday updates last week. Orca

Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk

Summary Microsoft was recently made aware of a Cross-Site Scripting (XSS) vulnerability (CVE-2022-35829), that under limited circumstances, affects older versions of Service Fabric Explorer (SFX). The current default SFX web client (SFXv2) is not vulnerable to this attack. However, customers can manually switch from the default web client (SFXv2) to an older vulnerable SFX web … Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk Read More »

Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk

Summary Summary Microsoft was recently made aware of a Cross-Site Scripting (XSS) vulnerability (CVE-2022-35829), that under limited circumstances, affects older versions of Service Fabric Explorer (SFX). The current default SFX web client (SFXv2) is not vulnerable to this attack. However, customers can manually switch from the default web client (SFXv2) to an older vulnerable SFX web client version (SFXv1).

CVE-2022-35829

Service Fabric Explorer Spoofing Vulnerability.