Service Fabric Explorer Spoofing Vulnerability
CVE-2023-23383

8.2HIGH

Key Information:

Vendor: Microsoft
Status: Azure Service Fabric 9.0 For Linux; Azure Service Fabric 9.1 For Windows; Azure Service Fabric 9.1 For Ubuntu; Azure Service Fabric 9.0 For Windows
Vendor: CVE Published:; 14 March 2023

Summary

The Service Fabric Explorer spoofing vulnerability allows an attacker to impersonate legitimate users within the application. This can lead to unauthorized access and manipulation of sensitive data. It is crucial for users to apply the necessary security updates and follow best practices to mitigate the risks associated with this vulnerability.

Affected Version(s)

Azure Service Fabric 9.0 for Linux Unknown 9.0 < 9.0.1317.1

Azure Service Fabric 9.0 for Windows Unknown 9.0 < 9.0.1380.9590

Azure Service Fabric 9.1 for Ubuntu Unknown 9.0 < 9.1.1388.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 14, 2023
Vulnerability Reserved
Jan 11, 2023