CVE-2022-35829
Published 2022-10-11
CVE-2022-35829: Service Fabric Explorer Spoofing Vulnerability
Medium 4.8 (CVSS 3.1)
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 19.76% (97.1th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_service_fabric_explorer | >= 8.1.0.0 < 8.1.316.9590 | 8.1.316.9590 |
| msrc | azure_service_fabric_explorer | — | — |
CVSS provenance
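| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| cvelistv5 | — | 6.2 | MEDIUM | — |
| vendor_msrc | — | 6.2 | MEDIUM | — |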
Microsoft
vendor_msrc·2022-10-11·CVSS 6.2
CVE-2022-35829 [MEDIUM] Service Fabric Explorer Spoofing Vulnerability
FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
An attacker needs to have CreateComposeDeployment permission to exploit this vulnerability. Please refer to the Security/ClientAccess section of Customize Service Fabric cluster settings for more information on the permission.
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
The vulnerability is in the web client, but the malicious scripts executed in the victim’s browser translate into actions executed in the (remote) cluster.
FAQ: How can I ensure I am not on a vulnerable version of Service Fabric Explorer?
A vulnerable version of Serv
CVEList
cvelistv5·2022-10-11·CVSS 6.2
CVE-2022-35829 [MEDIUM] Service Fabric Explorer Spoofing Vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-10-11