Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services

Microsoft’s Azure HDInsight services have been found to contain significant vulnerabilities in their Apache Hadoop, Kafka, and Spark frameworks. These flaws could potentially be exploited to achieve privilege escalation and cause a regular expression denial-of-service (ReDoS) condition, posing serious security risks. According to Orca Security, this could affect any authenticated user of Azure HDInsight’s AP services such as Apache Ambari and Apache Oozie. Microsoft, as the supplier of Azure HDInsight, needs to address and rectify these vulnerabilities to ensure user data security and maintain service integrity.

Published: Tue, 06 Feb 2024 19:32:00 +0530