Microsoft Azure HDInsight Plagued With XSS Vulnerabilities
To boot, the technology could be riddled with other flaws via its Apache services components, a security vendor says.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
To boot, the technology could be riddled with other flaws via its Apache services components, a security vendor says.
More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities
Microsoft quickly issued patches for the two security issues, which could allow unauthorized access to cloud sessions.
Two "dangerous" security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting (XSS) attacks
They could allow unauthorized access to sessions within the compromised Azure service iframe
Microsoft has patched a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed several "high-impact" applications to unauthorized access
The cross-site scripting flaw affects SFX version 9.1.1436.9590 or earlier and has a CVSS of 8.2