VDB
GCVE-110-CLOUD-2022-0011
GCVE-110-CLOUD-2022-0011
Advisory Published
Service Fabric Explorer (SFX) is a tool for inspecting and managing Azure Service Fabric clusters.
An attacker with existing access to a "Deployer" type user with CreateComposeDeployment permissions
in a given cluster could create a malicious application with a specially-crafted name. This would
lead to client-side template injection (CSTI) and storing a malicious XSS payload in a dashboard
shared between users of the same cluster. If a victim user with administrative permissions logged
into the compromised SFX dashboard and clicked on the aforementioned payload, the attacker could
hijack their permissions to perform a cluster node reset, erasing all customized settings including
passwords and security configurations. This would allow the attacker to create new passwords and
thereby gain full administrator access of the cluster.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Azure | Azure Service Fabric Explorer (SFX) | — | — |
| Azure | Cloud Services | — | — |
Aliases
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.