Azure Service Fabric
Monthly
Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.
A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers to connect to a Service Fabric URL using attacker-specified credentials IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Service Fabric for Linux Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.
Azure Service Fabric on Windows Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.
Service Fabric Explorer Spoofing Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Azure Service Fabric Container Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Service Fabric Explorer Spoofing Vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.
Azure Virtual Machine Information Disclosure Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.
Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.
A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers to connect to a Service Fabric URL using attacker-specified credentials IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Azure Service Fabric for Linux Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.
Azure Service Fabric on Windows Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.
Service Fabric Explorer Spoofing Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Azure Service Fabric Container Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.
Service Fabric Explorer Spoofing Vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.
Azure Virtual Machine Information Disclosure Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.