New 'FabricScape' Bug in Microsoft Azure Service Fabric Impacts Linux Workloads
Jun 29, 2022
Cybersecurity researchers from Palo Alto Networks Unit 42 disclosed details of a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster. The issue, which has been dubbed FabricScape (CVE-2022-30137), could only be weaponized on containers that are configured to have runtime access. It has been remediated as of June 14, 2022, in Service Fabric 9.0 Cumulative Update 1.0.

Azure Service Fabric is Microsoft's platform-as-a-service (PaaS) and a container orchestrator solution used to build and deploy microservices-based cloud applications across a cluster of machines.

"The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control of the resource's host SF node and the entire cluster," Microsoft said as part of the coordinated disclosure process. "Though the bug exi...