medium

FabriXss

Published Tue, Oct 11th, 2022

Platforms

azure

Summary

Service Fabric Explorer (SFX) is a tool for inspecting and managing Azure Service Fabric clusters. An attacker with existing access to a "Deployer" type user with CreateComposeDeployment permissions in a given cluster could create a malicious application with a specially-crafted name. This would lead to client-side template injection (CSTI) and storing a malicious XSS payload in a dashboard shared between users of the same cluster. If a victim user with administrative permissions logged into the compromised SFX dashboard and clicked on the aforementioned payload, the attacker could hijack their permissions to perform a cluster node reset, erasing all customized settings including passwords and security configurations. This would allow the attacker to create new passwords and thereby gain full administrator access of the cluster.

Affected Services

Azure Service Fabric Explorer (SFX)

Remediation

Update Service Fabric Runtime to version 8.1.316 or above.

Tracked CVEs

CVE-2022-35829

References

Contributed by https://github.com/korniko98

Entry Status

Finalized

Disclosure Date

Thu, Aug 11th, 2022

Exploitability Period

-

Known ITW Exploitation

-

Detection Methods

Vulnerable versions of Service Fabric Explorer (SFXv1) have URLs in the following format: https://<your instance name>.cloudapp.azure.com:19080/Explorer/old.html#/ (as opposed to index.html).
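The URL check above can be run over recorded URLs to find which clusters are still being opened through the SFXv1 page and by whom. This is an added example, not part of the original entry or any vendor tooling; the record layout (timestamp, user, URL), the sample host names and the function names are assumptions.

```python
from urllib.parse import urlsplit

SFX_PORT = 19080                    # port shown in the entry's URL format
LEGACY_PATH = "/explorer/old.html"  # SFXv1 page named in the entry (compared lower-cased)

# Constructed sample records, e.g. from a browser-history export. Not real data.
SAMPLE_LOG = """\
2022-10-12T08:01:13Z alice https://cluster-a.cloudapp.azure.com:19080/Explorer/old.html#/
2022-10-12T08:02:40Z bob https://cluster-a.cloudapp.azure.com:19080/Explorer/index.html#/
2022-10-12T08:05:02Z carol https://cluster-b.cloudapp.azure.com:19080/Explorer/old.html
2022-10-12T08:07:55Z dave https://example.org/Explorer/old.html
2022-10-12T08:09:10Z alice https://cluster-a.cloudapp.azure.com:19080/explorer/OLD.html#/
"""

def is_legacy_sfx(url):
    """True if the URL points at the SFXv1 page (old.html) on the SFX port."""
    parts = urlsplit(url)
    try:
        port = parts.port           # raises ValueError on a malformed port
    except ValueError:
        return False
    # The host suffix is deliberately not required (assumption: a cluster may
    # also be reached under another DNS name); port and path decide.
    # urlsplit() keeps the "#/" fragment out of .path, so it does not interfere.
    return port == SFX_PORT and parts.path.lower() == LEGACY_PATH

def find_legacy_sfx(log_text):
    """Map each cluster host to the sorted users who opened its SFXv1 page."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue                # skip blank or truncated records
        user, url = fields[1], fields[2]
        if is_legacy_sfx(url):
            host = urlsplit(url).hostname.lower()
            hits.setdefault(host, set()).add(user)
    return {host: sorted(users) for host, users in hits.items()}

if __name__ == "__main__":
    for host, users in find_legacy_sfx(SAMPLE_LOG).items():
        print(f"{host}: SFXv1 page opened by {', '.join(users)}")
```

Hosts reported here are candidates for the runtime update listed under Remediation; a hit shows that the old page is in use, not that the cluster was compromised.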

Piercing Index Rating

-

Discovered by

Lidor Ben Shitrit, Roee Sagi, Orca Security