SYM_CONF_0053 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Azure Data Factory resource is not configured to use a Git repository for source control. This means changes to data factory pipelines and resources are not tracked or versioned.
Impact
Without source control, unauthorized or accidental changes can go undetected, increasing the risk of misconfigurations or data leaks. Attackers or insiders could alter pipelines without an audit trail, making it harder to recover or investigate incidents.