Description
Azure Data Explorer Spoofing Vulnerability
FAQ
According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H). What does that mean for this vulnerability?
This vulnerability discloses a user's JSON web token to the attacker.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
How do I get the security update for Azure Data Explorer?
You need to restart the Kusto.Explorer application. The update will be automatically downloaded.
Where can I find information about the update?
Release notes for the update are available in the application menu under Help->What’s new, under the applicable Version.
According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of integrity (I:H). What does that mean for this vulnerability?
The compromised JSON web token can be used to compromise accounts and modify account information.
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
CVSS3: 8.1 High
Related vulnerabilities
A vulnerability in the Azure Data Explorer data analytics service, related to misrepresentation of information by the user interface, that allows an attacker to conduct spoofing attacks
EPSS
CVSS3: 8.1 High