• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
researchers detail 8 vulnerabilities in azure hdinsight analytics service

Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service

You are here: Home / General Cyber Security News / Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service
September 13, 2023

Extra information have emerged about a established of now-patched cross-web-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-supply analytics provider that could be weaponized by a threat actor to carry out destructive routines.

“The recognized vulnerabilities consisted of 6 stored XSS and two mirrored XSS vulnerabilities, every single of which could be exploited to complete unauthorized steps, various from data accessibility to session hijacking and providing malicious payloads,” Orca security researcher Lidor Ben Shitrit said in a report shared with The Hacker News.

The issues were being resolved by Microsoft as portion of its Patch Tuesday updates for August 2023.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Cybersecurity

The disclosure comes a few months following equivalent shortcomings were being documented in the Azure Bastion and Azure Container Registry that could have been exploited for unauthorized information accessibility and modifications.

The record of flaws is as follows –

  • CVE-2023-35393 (CVSS score: 4.5) – Azure Apache Hive Spoofing Vulnerability
  • CVE-2023-35394 (CVSS score: 4.6) – Azure HDInsight Jupyter Notebook Spoofing Vulnerability
  • CVE-2023-36877 (CVSS rating: 4.5) – Azure Apache Oozie Spoofing Vulnerability
  • CVE-2023-36881 (CVSS rating: 4.5) – Azure Apache Ambari Spoofing Vulnerability
  • CVE-2023-38188 (CVSS score: 4.5) – Azure Apache Hadoop Spoofing Vulnerability

“An attacker would have to ship the target a malicious file that the target would have to execute,” Microsoft observed in its advisories for the bugs. “An authorized attacker with visitor privileges should mail a victim a destructive internet site and persuade them to open up it.”

XSS attacks come about when an adversary injects rogue scripts into a legit site, which subsequently get executed on victims’ web browsers when checking out the internet site. While reflected XSS targets consumers who are tricked into clicking on a fraudulent connection, Stored XSS is embedded in a web web site and affects all buyers accessing it.

Forthcoming WEBINARIdentity is the New Endpoint: Mastering SaaS Security in the Modern Age

Dive deep into the future of SaaS security with Maor Bin, CEO of Adaptive Defend. Find why identification is the new endpoint. Secure your place now.

Supercharge Your Skills

The cloud security company reported that all the flaws stem from a absence of proper enter sanitization that makes it feasible to render malicious figures on loading the dashboard.

“These weaknesses collectively allow an attacker to inject and execute malicious scripts when the stored data is retrieved and displayed to people,” Ben Shitrit pointed out, urging businesses to carry out suitable input validation and output encoding to “ensure that consumer-generated info is correctly sanitized prior to remaining exhibited in web pages.”

Uncovered this posting interesting? Observe us on Twitter  and LinkedIn to study far more exceptional articles we publish.


Some areas of this post are sourced from:
thehackernews.com

Previous Post: «webinar: identity threat detection & response (itdr) – rips in Webinar: Identity Threat Detection & Response (ITDR) – Rips in Your Identity Fabric
Next Post: Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints alert: new kubernetes vulnerabilities enable remote attacks on windows endpoints»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation
  • OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
  • Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
  • Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business
  • Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
  • Beyond Vulnerability Management – Can You CVE What I CVE?
  • Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
  • 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
  • SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

Copyright © TheCyberSecurity.News, All Rights Reserved.