Security News > 2024 > June > Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn't need a fix, just better documentation

Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn't need a fix, just better documentation
2024-06-05 06:44

Tenable thinks these tags can be abused by a rogue Azure customer to access other customers' stuff - a cross-tenant attack - if those victims rely on Service Tags in their firewall rules.

"We appreciate the collaboration with Tenable to responsibly disclose the inherent risk in using Service Tags as a single mechanism for vetting secure network traffic," a Microsoft spokesperson told The Register.

In addition to that Microsoft cloud service, the vulnerability affects at least 10 other Azure services, we're told.

"Many customers are using Azure Service Tags to achieve network isolation," Matan told The Register.

Thus, we're led to believe, it's possible for one Azure user to control the HTTP requests sent by an Azure service to another customer, and if that other customer blindly trusts the request - because it's coming from a service covered by a Service Tag - it reaches the victim's app, allowing the rogue user to potentially remotely control or monitor that app.

"When a service grants users the option to control server-side requests, and the service is associated with Azure Service Tags, things can get risky if the customer does not have additional layers of protection," Tenable warned.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/06/05/tenable_azure_flaw/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 708 787 4584 4638 3637 13646
Tenable 14 18 70 41 13 142