Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service
Sep 13, 2023
Vulnerability / Data Security
More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities.

"The identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of which could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads," Orca security researcher Lidor Ben Shitrit said in a report shared with The Hacker News.

The issues were addressed by Microsoft as part of its Patch Tuesday updates for August 2023.

The disclosure comes three months after similar shortcomings were reported in the Azure Bastion and Azure Container Registry that could have been exploited for unauthorized data access and modifications.

The list of flaws is as follows -

- CVE-2023-35393 (CVSS score: 4.5) - Azure Apac...