CVE-2023-35393

4.5 MEDIUM

📋 TL;DR

CVE-2023-35393 is a cross-site scripting (XSS) vulnerability in Azure Apache Hive that allows attackers to inject malicious scripts into web pages viewed by other users. This affects Azure HDInsight clusters running Apache Hive. Attackers could potentially steal session cookies, redirect users, or perform actions on their behalf.

💻 Affected Systems

Products:
  • Azure HDInsight
Versions: Azure HDInsight clusters running Apache Hive
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Azure HDInsight deployments with the Apache Hive component enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could steal administrator credentials, gain unauthorized access to the Hive cluster, exfiltrate sensitive data, or pivot to other Azure resources.

🟠 Likely Case

Attackers inject malicious scripts to steal user session cookies or credentials, potentially compromising individual user accounts within the Hive interface.

🟢 If Mitigated

With proper input validation and output encoding, the impact is limited to script execution within the user's browser session only.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires the attacker to be able to inject malicious content into the Hive web interface that other users will view.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply latest Azure HDInsight platform updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35393

Restart Required: Yes

Instructions:

1. Log in to the Azure Portal
2. Navigate to your HDInsight cluster
3. Check for available platform updates
4. Apply the latest security updates
5. Restart affected services

🔧 Temporary Workarounds

Implement Content Security Policy

all

Add CSP headers to restrict script execution sources

Add to web server configuration: Content-Security-Policy: default-src 'self'

Input Validation Filtering

all

Implement server-side input validation for all user inputs

🧯 If You Can't Patch

  • Restrict access to Hive web interface using network security groups
  • Implement web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check whether your Azure HDInsight cluster is running an unpatched version by reviewing its update status in the Azure Portal.

Check Version:

az hdinsight show --name <cluster-name> --resource-group <resource-group> --query properties.clusterVersion

Verify Fix Applied:

Verify in the Azure Portal cluster overview that the latest platform updates have been applied successfully.

📡 Detection & Monitoring

Log Indicators:

  • Unusual script tags or JavaScript in Hive query logs
  • Multiple failed login attempts followed by successful login from same IP

Network Indicators:

  • Unusual outbound connections from Hive servers
  • Traffic patterns suggesting data exfiltration

SIEM Query:

source="hive-logs" AND ("<script>" OR "javascript:" OR "onload=" OR "onerror=")
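
The query above matches the four markers only as literal, case-sensitive strings. The following added example (not part of the original advisory or any vendor tooling) applies the same markers to log lines after undoing URL and HTML-entity encoding and ignoring case. The log layout, the sample lines and the names normalize, scan and SAMPLE_LOG are assumptions made for illustration.

```python
import html
import re
from urllib.parse import unquote

# Markers taken from the SIEM query above; matched case-insensitively.
MARKERS = re.compile(r"<script\b|javascript:|\bonload\s*=|\bonerror\s*=", re.IGNORECASE)

def normalize(text, max_rounds=3):
    """Undo URL and HTML-entity encoding, repeating to catch double encoding."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(text))
        if decoded == text:
            break
        text = decoded
    return text

def scan(lines):
    """Return (line_number, marker) for every line containing a script marker."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = MARKERS.search(normalize(line))
        if match:
            hits.append((number, match.group(0).lower()))
    return hits

# Constructed sample lines; the log layout is an assumption, not HDInsight's format.
SAMPLE_LOG = [
    "2023-07-12 10:01:02 INFO user=alice query=SELECT name FROM customers",
    "2023-07-12 10:01:09 INFO user=bob query=SELECT '<script>x</script>'",
    "2023-07-12 10:02:30 INFO user=bob query=SELECT '%3CScRiPt%3Ex'",
    "2023-07-12 10:03:11 INFO user=bob query=SELECT '&lt;img src=x OnError=x&gt;'",
    "2023-07-12 10:04:00 INFO user=carol query=SELECT '%253Cscript%253E'",
    "2023-07-12 10:05:45 INFO user=dave query=SELECT onload_time FROM jobs",
]

if __name__ == "__main__":
    for number, marker in scan(SAMPLE_LOG):
        print(f"line {number}: matched {marker!r}")
```

The last sample line shows that a column name such as onload_time is not flagged, because the handler markers must be followed by an equals sign.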
