SYM_CONF_0045 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Azure File Sync resource is configured to allow public network access, meaning it can be reached from any internet location. This lacks proper access controls and exposes your storage to unauthorized users.
Impact
If exploited, attackers could access, modify, or delete files stored in Azure File Sync from outside your trusted network. This could lead to data breaches, data loss, or compliance violations.