Vulnerabilities

Super FabriXss vulnerability in Microsoft Azure SFX could lead to RCE

Issued by: Security Affairs

Source
Advertisement


Researchers from Orca Security shared details about a new vulnerability, dubbed Super FabriXss (CVE-2023-23383 – CVSS score: 8.2), in Azure. The experts demonstrated how to escalate a reflected XSS vulnerability in Azure Service Fabric Explorer to an unauthenticated Remote Code Execution.

The researchers explained that they have abused the metrics tab and enabled a specific option in the console – the ‘Cluster Type’ toggle.

The name Super FabriXss comes from the FabriXss flaw (CVE-2022-35829, CVSS score: 6.2) that was addressed by Microsoft in October 2022.

Read more
You might also like
Vulnerabilities

PoC Exploit Released for Unpatched Flaw Affecting Chromium-Based Browsers

Vulnerabilities

Because IT security and the C-suite are misaligned, digital transformation increases cyber risk

Vulnerabilities

Insurance Giant Lloyd’s of London Investigating Cybersecurity Incident

Vulnerabilities

Intel Confirms UEFI Source Code Leak as Security Experts Raise Concerns

Advertisement