Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn't need a fix, just better documentation

2024-06-05 06:44

Tenable thinks these tags can be abused by a rogue Azure customer to access other customers' stuff - a cross-tenant attack - if those victims rely on Service Tags in their firewall rules.

"We appreciate the collaboration with Tenable to responsibly disclose the inherent risk in using Service Tags as a single mechanism for vetting secure network traffic," a Microsoft spokesperson told The Register.

In addition to that Microsoft cloud service, the vulnerability affects at least 10 other Azure services, we're told.

"Many customers are using Azure Service Tags to achieve network isolation," Matan told The Register.

Thus, we're led to believe, it's possible for one Azure user to control the HTTP requests sent by an Azure service to another customer, and if that other customer blindly trusts the request - because it's coming from a service covered by a Service Tag - it reaches the victim's app, allowing the rogue user to potentially remotely control or monitor that app.

"When a service grants users the option to control server-side requests, and the service is associated with Azure Service Tags, things can get risky if the customer does not have additional layers of protection," Tenable warned.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/06/05/tenable_azure_flaw/

#azure #bounty #bugbounty #microsoft #tenable

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft		708	787	4584	4638	3637	13646
Tenable		14	18	70	41	13	142

News URL

Related news

Related vendor