Super FabriXss vulnerability in Microsoft Azure SFX could lead to RCE

Source
Advertisement


Researchers from Orca Security shared details about a new vulnerability, dubbed Super FabriXss (CVE-2023-23383 – CVSS score: 8.2), in Azure. The experts demonstrated how to escalate a reflected XSS vulnerability in Azure Service Fabric Explorer to an unauthenticated Remote Code Execution.

The researchers explained that they have abused the metrics tab and enabled a specific option in the console – the ‘Cluster Type’ toggle.

The name Super FabriXss comes from the FabriXss flaw (CVE-2022-35829, CVSS score: 6.2) that was addressed by Microsoft in October 2022.

Advertisement