The Microsoft Azure HDInsight open-source analytics service has a number of cross-site scripting (XSS) vulnerabilities that have been addressed but might still be used by threat actors for harmful purposes.
According to a report given to The Hacker News by Orca security researcher Lidor Ben Shitrit, “the identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of which could be exploited to perform unauthorized actions, ranging from data access to session hijacking and delivering malicious payloads.”Microsoft fixed the problems as part of their August 2023 Patch Tuesday upgrades.
The information was made public three months after reports of similar flaws in the Azure Bastion and Azure Container Registry that might have been used to get unauthorized access to data read more Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service.
Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.