CVE-2023-23383 - OpenCVE

Service Fabric Explorer Spoofing Vulnerability

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Azure Service Fabric

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:azure_service_fabric:9.1:-::::ubuntu::*
	cpe:2.3:a:microsoft:azure_service_fabric:9.1:-::::windows::*

References

Link	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2023-03-14T16:55:22.269Z

Updated: 2024-05-29T03:32:15.349Z

Reserved: 2023-01-11T22:08:03.134Z

Link: CVE-2023-23383

JSON object: View

NVD Information

Status : Modified

Published: 2023-03-14T17:15:12.317

Modified: 2024-05-29T04:15:13.613

Link: CVE-2023-23383

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-23383", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2023-01-11T22:08:03.134Z", "datePublished": "2023-03-14T16:55:22.269Z", "dateUpdated": "2024-05-29T03:32:15.349Z"}, "containers": {"cna": {"title": "Service Fabric Explorer Spoofing Vulnerability", "datePublic": "2023-03-14T07:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "Azure Service Fabric 9.0 for Linux", "cpes": ["cpe:2.3:a:microsoft:azure_service_fabric:9.0:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "9.0", "lessThan": "9.0.1317.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Azure Service Fabric 9.1 for Windows", "cpes": ["cpe:2.3:a:microsoft:azure_service_fabric:9.1:-:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "9.0", "lessThan": "9.1.1583.9590", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Azure Service Fabric 9.1 for Ubuntu", "cpes": ["cpe:2.3:a:microsoft:azure_service_fabric:9.1:-:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "9.0", "lessThan": "9.1.1388.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Azure Service Fabric 9.0 for Windows", "cpes": ["cpe:2.3:a:microsoft:azure_service_fabric:9.0:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "9.0", "lessThan": "9.0.1380.9590", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Service Fabric Explorer Spoofing Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en-US", "type": "CWE", "cweId": "CWE-79"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-05-29T03:32:15.349Z"}, "references": [{"name": "Service Fabric Explorer Spoofing Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H/E:U/RL:O/RC:C"}}]}}}