Open Nav
Sign Up

New Vulnerabilities in Azure HDInsight Services

Bar Refael

February 7, 2024

Recent discoveries have unveiled three significant security vulnerabilities within Azure HDInsight’s Apache Hadoop, Kafka, and Spark services. These vulnerabilities pose risks of privilege escalation and a regular expression denial-of-service (ReDoS) condition, affecting authenticated users across various Azure HDInsight services, including Apache Ambari and Apache Oozie.

Vulnerability Details

  • CVE-2023-36419 (CVSS score: 8.8): This vulnerability in Azure HDInsight Apache Oozie Workflow Scheduler involves XML External Entity (XXE) Injection, leading to elevation of privilege. It results from insufficient user input validation, enabling attackers to read root-level files and escalate privileges.
  • CVE-2023-38156 (CVSS score: 7.2): Found in Azure HDInsight Apache Ambari, this Java Database Connectivity (JDBC) Injection vulnerability also facilitates elevation of privilege. Attackers can exploit this flaw to execute a specially crafted network request, potentially obtaining a reverse shell as root.
  • Azure HDInsight Apache Oozie Regular Expression Denial-of-Service (ReDoS) Vulnerability: This flaw, while not assigned a CVE, stems from inadequate input validation, allowing attackers to initiate an intensive loop operation through a large range of action IDs, causing DoS.

Attack Scenario and Exploitation

These vulnerabilities enable an authenticated attacker with access to the target HDI cluster to gain cluster administrator privileges through specially crafted network requests. The XXE and JDBC injection flaws specifically allow for privilege escalation, while the ReDoS vulnerability can severely disrupt system operations, degrade performance, and impact service availability and reliability.

Response and Mitigation

Microsoft has addressed these vulnerabilities by releasing fixes on October 26, 2023, following responsible disclosure protocols. Organizations using Azure HDInsight services are strongly encouraged to apply these updates promptly to mitigate the risks associated with these vulnerabilities.

Threat Landscape and Impact

The discovery of these vulnerabilities highlights the ongoing security challenges within cloud services and the potential for exploitation that can lead to unauthorized data access, system disruption, and compromised system integrity. It follows previous disclosures by Orca Security, which detailed vulnerabilities in the same ecosystem capable of data access, session hijacking, and malicious payload delivery.

Additionally, Orca Security’s recent findings regarding Google Cloud Dataproc clusters underscore the broader issue of security risks in cloud environments, emphasizing the need for stringent security controls and vigilant management of cloud resources.

Conclusion

The identification of new vulnerabilities in Azure HDInsight’s services serves as a critical reminder of the importance of regular security assessments, prompt patch management, and the adoption of comprehensive security measures to protect cloud environments against emerging threats. Organizations must remain proactive in their security practices to safeguard their cloud infrastructure and sensitive data against potential exploitation.

Stay safe and informed,

OP Innovate.

Resources highlights

Critical Cisco ISE Vulnerabilities Lead to Unauthenticated RCE (CVE-2025-20281 & CVE-2025-20282)

On June 25, 2025, Cisco disclosed and patched two critical remote code execution (RCE) vulnerabilities: CVE-2025-20281 and CVE-2025-20282, affecting its widely deployed Identity Services Engine…

Read more >

CVE-2025-20281 & CVE-2025-20282

Critical Vulnerability in MegaRAC BMC Added to CISA’s KEV: CVE-2024-54085

On June 25, 2025, CISA added CVE‑2024‑54085, a critical authentication bypass vulnerability in the MegaRAC SPx Baseboard Management Controller (BMC) firmware, to its Known Exploited…

Read more >

CVE-2024-54085

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls The UK’s National Cyber Security Centre (NCSC) has issued an alert regarding a sophisticated malware campaign dubbed “UMBRELLA…

Read more >

umbrella stand fortinet

CVE-2025-49144: Privilege Escalation in Notepad++ Installer Enables Full SYSTEM Access

A critical local privilege escalation vulnerability in the Notepad++ v8.8.1 installer allows attackers to escalate to NT AUTHORITY\SYSTEM using binary planting techniques. Tracked as CVE-2025-49144,…

Read more >

CVE-2025-49144

Our Red Team’s Favorite Penetration Testing Tools in 2025 (And How We Use Them)

When it comes to red team operations, the tools you choose can make or break the engagement. From initial reconnaissance to post-exploitation, having a streamlined,…

Read more >

pentesting tools - op

New Linux Vulnerabilities (CVE-2025-6018 & CVE-2025-6019) Enable Full Root Access in Seconds

Security researchers have uncovered a critical privilege escalation chain in major Linux distributions that allows any local user with a session (SSH or GUI) to…

Read more >

CVE-2025-6018, CVE-2025-6019
Under Cyber Attack?

Fill out the form and we will contact you immediately.