CVE-2023-23383
Published: 2023-03-14
CVE-2023-23383: Service Fabric Explorer Spoofing Vulnerability
Medium 4.7 (CVSS 3.1)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 11.69% (95.5th percentile)
Service Fabric Explorer Spoofing Vulnerability
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_service_fabric_9.0_for_linux | >= 9.0 < 9.0.1317.1 | 9.0.1317.1 |
| microsoft | azure_service_fabric_9.0_for_windows | >= 9.0 < 9.0.1380.9590 | 9.0.1380.9590 |
| microsoft | azure_service_fabric_9.1_for_ubuntu | >= 9.0 < 9.1.1388.1 | 9.1.1388.1 |
| microsoft | azure_service_fabric_9.1_for_windows | >= 9.0 < 9.1.1583.9590 | 9.1.1583.9590 |
| msrc | azure_service_fabric_9.0_for_linux | — | — |
| msrc | azure_service_fabric_9.0_for_windows | — | — |
| msrc | azure_service_fabric_9.1_for_ubuntu | — | — |
| msrc | azure_service_fabric_9.1_for_windows | — | — |
CVSS provenance
nvd: v3.1, 4.7 MEDIUM, CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
cvelistv5: 8.2 HIGH
vendor_msrc: 8.2 HIGH
Microsoft
Service Fabric Explorer Spoofing Vulnerability
vendor_msrc·2023-03-14·CVSS 8.2
CVE-2023-23383 [HIGH] CWE-79 Service Fabric Explorer Spoofing Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
A victim user would have to click the stored XSS payload injected by the attacker to be compromised.
FAQ: According to the CVSS metric, confidentiality impact is low (C:L) but Integrity and Availability are High (I:H, A:H). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could potentially view sensitive data and perform operations on the targeted Service Fabric cluster, which could impact data integrity or availability.
FAQ: How can I update my Service Fabric Cluster to the latest version?
If you have automatic updates, no action is needed. However, for those who choose to
CVEList
Service Fabric Explorer Spoofing Vulnerability
cvelistv5·2023-03-14·CVSS 8.2
CVE-2023-23383 [HIGH] CWE-79 Service Fabric Explorer Spoofing Vulnerability
No detection rules found.
No public exploits indexed.
Published: 2023-03-14