Three high-risk vulnerabilities have been uncovered in Microsoft Azure’s HDInsight, its big-data analytics service. Orca Security disclosed eight vulnerabilities in the cloud data tool four and a half months ago, and now there is a new finding. The new findings include a denial-of-service and two privilege escalation bugs afflicting the same services as the previous report. The new trio of findings opens the door to unauthorized administrative access.
Attackers with this access can read, write, delete and perform any other management operations over an organization’s sensitive data. One of the escalation bugs impacts Apache Ambari, an open source tool that simplifies Apache Hadoop cluster development, management and monitoring. The other two relate to Apache Oozie, a workflow scheduler for Hadoop. These vulnerabilities are significant because data processing tools in an organization setting can house massive amounts of valuable information.
Read More: Microsoft Azure HDInsight Bugs Expose Big Data to Breaches