Security News > 2024 > June > Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn't need a fix, just better documentation
Tenable thinks these tags can be abused by a rogue Azure customer to access other customers' stuff - a cross-tenant attack - if those victims rely on Service Tags in their firewall rules.
"We appreciate the collaboration with Tenable to responsibly disclose the inherent risk in using Service Tags as a single mechanism for vetting secure network traffic," a Microsoft spokesperson told The Register.
In addition to that Microsoft cloud service, the vulnerability affects at least 10 other Azure services, we're told.
"Many customers are using Azure Service Tags to achieve network isolation," Matan told The Register.
Thus, we're led to believe, it's possible for one Azure user to control the HTTP requests sent by an Azure service to another customer, and if that other customer blindly trusts the request - because it's coming from a service covered by a Service Tag - it reaches the victim's app, allowing the rogue user to potentially remotely control or monitor that app.
"When a service grants users the option to control server-side requests, and the service is associated with Azure Service Tags, things can get risky if the customer does not have additional layers of protection," Tenable warned.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/06/05/tenable_azure_flaw/