Orca Security identifies fresh Azure Bastion and Container Registry vulnerabilities

Orca Security, an independent cybersecurity research organization, announced that it has uncovered a fresh vulnerability in Azure, this time affecting Azure Bastion and Container Registry. The vulnerabilities opened opportunities for cross-site scripting attacks. Orca promptly informed Microsoft, which resolved the vulnerabilities.

In a cross-site scripting attack, an attacker injects a trusted site with malicious code to gain entry through a user’s browser. postMessages are used by apps to send messages between windows. A vulnerability in this system in the two affected Azure services allowed attackers to insert endpoints into remote servers to execute malicious Javascript.

As a broader takeaway, Orca recommends that organizations sanitize and validate input data, whitelist trusted domains, reduce accepted message types, and put in place a content security policy. The Orca team explained:

Fully aware of the risks associated with the postMessage iframe XSS vulnerability, in recent years, Microsoft has implemented several related security enhancements in Azure. These include stricter content security policies (CSPs) to prevent the execution of untrusted scripts, robust input validation mechanisms, and enhanced monitoring and logging capabilities to detect and respond to potential XSS attacks in real-time. Microsoft also emphasizes the importance of secure coding practices, encouraging developers to sanitize and validate user input effectively…