Open Nav
Sign Up

New Vulnerabilities in Azure HDInsight Services

Bar Refael

February 7, 2024

Recent discoveries have unveiled three significant security vulnerabilities within Azure HDInsight’s Apache Hadoop, Kafka, and Spark services. These vulnerabilities pose risks of privilege escalation and a regular expression denial-of-service (ReDoS) condition, affecting authenticated users across various Azure HDInsight services, including Apache Ambari and Apache Oozie.

Vulnerability Details

  • CVE-2023-36419 (CVSS score: 8.8): This vulnerability in Azure HDInsight Apache Oozie Workflow Scheduler involves XML External Entity (XXE) Injection, leading to elevation of privilege. It results from insufficient user input validation, enabling attackers to read root-level files and escalate privileges.
  • CVE-2023-38156 (CVSS score: 7.2): Found in Azure HDInsight Apache Ambari, this Java Database Connectivity (JDBC) Injection vulnerability also facilitates elevation of privilege. Attackers can exploit this flaw to execute a specially crafted network request, potentially obtaining a reverse shell as root.
  • Azure HDInsight Apache Oozie Regular Expression Denial-of-Service (ReDoS) Vulnerability: This flaw, while not assigned a CVE, stems from inadequate input validation, allowing attackers to initiate an intensive loop operation through a large range of action IDs, causing DoS.

Attack Scenario and Exploitation

These vulnerabilities enable an authenticated attacker with access to the target HDI cluster to gain cluster administrator privileges through specially crafted network requests. The XXE and JDBC injection flaws specifically allow for privilege escalation, while the ReDoS vulnerability can severely disrupt system operations, degrade performance, and impact service availability and reliability.

Response and Mitigation

Microsoft has addressed these vulnerabilities by releasing fixes on October 26, 2023, following responsible disclosure protocols. Organizations using Azure HDInsight services are strongly encouraged to apply these updates promptly to mitigate the risks associated with these vulnerabilities.

Threat Landscape and Impact

The discovery of these vulnerabilities highlights the ongoing security challenges within cloud services and the potential for exploitation that can lead to unauthorized data access, system disruption, and compromised system integrity. It follows previous disclosures by Orca Security, which detailed vulnerabilities in the same ecosystem capable of data access, session hijacking, and malicious payload delivery.

Additionally, Orca Security’s recent findings regarding Google Cloud Dataproc clusters underscore the broader issue of security risks in cloud environments, emphasizing the need for stringent security controls and vigilant management of cloud resources.

Conclusion

The identification of new vulnerabilities in Azure HDInsight’s services serves as a critical reminder of the importance of regular security assessments, prompt patch management, and the adoption of comprehensive security measures to protect cloud environments against emerging threats. Organizations must remain proactive in their security practices to safeguard their cloud infrastructure and sensitive data against potential exploitation.

Stay safe and informed,

OP Innovate.

Resources highlights

Critical Gitea Docker Authentication Bypass Under Active Probing: CVE-2026-20896

A critical authentication bypass vulnerability, tracked as CVE-2026-20896, has been disclosed in the official Gitea Docker image. Gitea is a self-hosted software development platform used…

Read more >

gitea_docker_cve-2026-20896

Adobe Patches Multiple Critical ColdFusion and Campaign Classic Vulnerabilities: CVE-2026-48282 Exploitation Observed

Adobe has released security updates for multiple critical vulnerabilities affecting Adobe ColdFusion and Adobe Campaign Classic, including several flaws rated CVSS 10.0.CVE-2026-48282, a critical ColdFusion…

Read more >

adobe_coldfusion_campaign classic_cve-2026-48282

CVE-2026-46817: Critical Oracle E-Business Suite Vulnerability

A critical vulnerability in Oracle E-Business Suite is now being actively exploited in the wild. Tracked as CVE-2026-46817, the flaw affects the File Transmission component…

Read more >

cve-2026-46817-oracle-e-business

Cisco Unified CM Vulnerability CVE-2026-20230 Targeted After Public PoC Disclosure 

Cisco has disclosed and patched CVE-2026-20230, a critical SSRF vulnerability affecting Cisco Unified Communications Manager and Unified CM SME when the WebDialer service is enabled.…

Read more >

CVE-2026-20230

Microsoft Confirms Unpatched RoguePlanet Defender Zero-Day (CVE-2026-50656)

Microsoft has confirmed a new Microsoft Defender zero-day vulnerability tracked as CVE-2026-50656 and publicly referred to as RoguePlanet. The flaw affects the Microsoft Malware Protection…

Read more >

RoguePlanet_cve-2026-50656

FortiBleed Campaign Exposes Fortinet Firewall and VPN Credentials at Scale

A large-scale credential abuse campaign dubbed FortiBleed has reportedly affected tens of thousands of Fortinet firewall and VPN devices worldwide. Public reporting indicates that threat…

Read more >

fortibleed
Under Cyber Attack?

Fill out the form and we will contact you immediately.