Vulnerabilities > CVE-2020-16904 - Incorrect Authorization vulnerability in Microsoft Azure Functions

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

microsoft

CWE-863

NVD

Published: 2020-10-16

Updated: 2023-12-31

Summary

An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization. This security update addresses the vulnerability by correctly validating access keys used to access HTTP Functions.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Azure Functions -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16904