Microsoft recently patched a vulnerability that can allow an attacker to gain full administrator permissions on Azure Service Fabric clusters. Azure Service Fabric is a distributed systems platform that makes it simple to package, launch, and manage containers and microservices.
Users can create Service Fabric clusters, the hardware resources where applications can be deployed, on-premises or in the cloud. Service Fabric Explorer (SFX) is an open-source tool for inspecting and managing these clusters. Researchers at cloud security firm Orca discovered a spoofing vulnerability in SFX v1.
The problem involves stored cross-site scripting (XSS) and client-side template injection (CSTI), and it is identified as CVE-2022-35829 by Orca. According to the tech giant, customers who are using an outdated version of the tool, which has a URL ending in “old.html,” are vulnerable to attacks.