VDB

GCVE-110-CLOUD-2022-0011

GCVE-110-CLOUD-2022-0011
Advisory Published
Vulnetix · Advisory published October 11, 2022
Service Fabric Explorer (SFX) is a tool for inspecting and managing Azure Service Fabric clusters. An attacker with existing access to a "Deployer" type user with CreateComposeDeployment permissions in a given cluster could create a malicious application with a specially-crafted name. This would lead to client-side template injection (CSTI) and storing a malicious XSS payload in a dashboard shared between users of the same cluster. If a victim user with administrative permissions logged into the compromised SFX dashboard and clicked on the aforementioned payload, the attacker could hijack their permissions to perform a cluster node reset, erasing all customized settings including passwords and security configurations. This would allow the attacker to create new passwords and thereby gain full administrator access of the cluster.

Affected Products

VendorProductVersionsPlatforms
AzureAzure Service Fabric Explorer (SFX)
AzureCloud Services

References

FabriXss
advisory
advisory
advisory

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›