wiz-sec / open-cvdb

An open project to list all publicly known cloud vulnerabilities and CSP security issues
https://cloudvulndb.org
Creative Commons Attribution 4.0 International

[Contribution] Add Azure Bastion and Container Registry XSS vulnerabilities #183

Closed korniko98 closed 1 year ago

korniko98 commented 1 year ago

Summary (give a brief description of the issue)

Microsoft recently mitigated a set of cross-site scripting vulnerabilities affecting Azure Bastion and Azure Container Registry (ACR). Exploitation of these vulnerabilities could have potentially allowed for an unauthorized user to gain access to a target user’s session within the compromised Azure service, and subsequently lead to data tampering or resource modification.

References (provide links to blogposts, etc.)

https://msrc.microsoft.com/blog/2023/06/microsoft-mitigates-set-of-cross-site-scripting-xss-vulnerabilities-in-azure-bastion-and-azure-container-registry/

https://orca.security/resources/blog/examining-two-xss-vulnerabilities-in-azure-services/