Researchers Uncover XSS Vulnerabilities in Azure Services

Cyber Security Threat Summary:
Cybersecurity experts at Orca Security have identified two critical cross-site scripting (XSS) vulnerabilities in Microsoft Azure services. The vulnerabilities are related to an identified weakness in the postMessage iframe. Abusing this flaw could expose Azure users to potential security breaches. These vulnerabilities were found in both Azure Bastion and the Azure Container Registry, which are two commonly used services in the Azure ecosystem.

"Despite several Azure security enhancements to mitigate the postMessage iframe XSS vulnerability, we still managed to uncover two Azure services – Azure Bastion and Azure Container Registry – that were exploitable via this vulnerability," Orca wrote in a report published today.

Security Officer Comments:
The Azure Bastion vulnerability results from a mishandled postMessage handler, which allows an attacker to exploit three distinct postMessage cases. By sending a specially crafted postMessage, an attacker can execute malicious scripts and potentially compromise user sessions and user data.

The Azure Container Registry vulnerability allows attackers to inject and execute arbitrary scripts within the context of the container registry. Attackers can then manipulate the behavior of the web application to steal sensitive information and to carry out unauthorized actions.
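
For teams reviewing their own iframe integrations for the postMessage handler weakness described above, the following is an added example of a hardened receiver. It is not code from Orca's report or from Microsoft's fix. The origin, message types and field names are constructed, and it assumes the usual defenses for this bug class: exact origin matching, an allowlisted message schema, and no HTML sinks.

```javascript
// Added example: generic hardened postMessage handling (not Azure or Orca code).
// The origin, message types and field names below are constructed for illustration.
const ALLOWED_ORIGINS = new Set(["https://portal.example.com"]);

// Per-type validators: only known message types with the expected shape pass.
const VALIDATORS = {
  resize: (d) => Number.isInteger(d.height) && d.height > 0 && d.height <= 4000,
  setTitle: (d) => typeof d.title === "string" && d.title.length <= 200,
};

// Returns a description of the action to take, or null when the message is rejected.
function handleMessage(event, expectedSource) {
  // 1. Exact-match the sender origin; substring or prefix checks are bypassable.
  if (!ALLOWED_ORIGINS.has(event.origin)) return null;
  // 2. Optionally pin the sending window (for example window.parent).
  if (expectedSource !== undefined && event.source !== expectedSource) return null;
  // 3. Accept only plain objects carrying an allowlisted, string-valued type.
  const data = event.data;
  if (data === null || typeof data !== "object" || Array.isArray(data)) return null;
  if (typeof data.type !== "string") return null;
  if (!Object.prototype.hasOwnProperty.call(VALIDATORS, data.type)) return null;
  if (!VALIDATORS[data.type](data)) return null;
  // 4. Return data only; the caller renders it with textContent, never innerHTML or eval.
  if (data.type === "resize") return { action: "resize", height: data.height };
  return { action: "setTitle", text: data.title };
}

// Constructed sample events, shaped like the MessageEvent a browser delivers.
const SAMPLE_EVENTS = [
  { origin: "https://portal.example.com", data: { type: "resize", height: 300 } },
  { origin: "https://portal.example.com.attacker.test", data: { type: "resize", height: 300 } },
  { origin: "https://portal.example.com", data: { type: "runScript", body: "..." } },
  { origin: "https://portal.example.com", data: "resize" },
];

function runSamples() {
  return SAMPLE_EVENTS.map((e) => handleMessage(e));
}

console.log(runSamples());
// In a browser: window.addEventListener("message", (e) => handleMessage(e, window.parent));
```

Only the first sample event is accepted; the look-alike origin, the unknown message type and the non-object payload are all dropped before any data reaches the page.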

"The vulnerabilities allowed unauthorized access to the victim's session within the compromised Azure service iframe, which can lead to severe consequences, including unauthorized data access, unauthorized modifications, and disruption of the Azure services iframes," Orca wrote.

Suggested Correction(s):
Orca reported the vulnerabilities to Microsoft's Security Response Center (MSRC), which was able to reproduce Orca's findings. Both vulnerabilities have now been fixed and verified, and Orca says no further action is required by Azure users.

Link(s):
Source: https://www.infosecurity-magazine.com/news/xss-flaws-azure-uncovered/
https://orca.security/resources/blog/ssrf-vulnerabilities-in-four-azure-services/