Microsoft Patches Flaw Permitting Complete Access to Azure Service Fabric Clusters


Microsoft recently patched a vulnerability that can allow an attacker to gain full administrator permissions on Azure Service Fabric clusters. Azure Service Fabric is a distributed systems platform that makes it simple to package, launch, and manage containers and microservices.

Users can create Service Fabric clusters, the hardware resources where applications are deployed, on-premises or in the cloud. Service Fabric Explorer (SFX) is an open-source tool for inspecting and managing these clusters. Researchers at cloud security firm Orca discovered a spoofing vulnerability in SFX v1.

The problem, identified by Orca as CVE-2022-35829, involves stored cross-site scripting (XSS) and client-side template injection (CSTI). According to the tech giant, customers who are using an outdated version of the tool, which has a URL ending in “old.html,” are vulnerable to attacks.
