Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn't need a fix, just better documentation

2024-06-05 06:44

Tenable thinks these tags can be abused by a rogue Azure customer to access other customers' stuff - a cross-tenant attack - if those victims rely on Service Tags in their firewall rules.

"We appreciate the collaboration with Tenable to responsibly disclose the inherent risk in using Service Tags as a single mechanism for vetting secure network traffic," a Microsoft spokesperson told The Register.

In addition to that Microsoft cloud service, the vulnerability affects at least 10 other Azure services, we're told.

"Many customers are using Azure Service Tags to achieve network isolation," Matan told The Register.

Thus, we're led to believe, it's possible for one Azure user to control the HTTP requests sent by an Azure service to another customer, and if that other customer blindly trusts the request - because it's coming from a service covered by a Service Tag - it reaches the victim's app, allowing the rogue user to potentially remotely control or monitor that app.

"When a service grants users the option to control server-side requests, and the service is associated with Azure Service Tags, things can get risky if the customer does not have additional layers of protection," Tenable warned.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/06/05/tenable_azure_flaw/

#azure #bounty #bugbounty #microsoft #tenable

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		701	775	4527	4650	3617	13569
Tenable		14	18	71	42	13	144

News URL

Related news

Related vendor