SYM_CONF_0057 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
| --- | --- |
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Azure Event Grid Domain resource is configured to allow public network access, which means it can be reached from anywhere on the internet. This increases the risk of unauthorized access to event data and management operations.
Impact
If public network access is enabled, attackers could potentially connect to the Event Grid Domain from outside the organization's network, leading to data exposure, unauthorized event publishing or subscription, and compromise of event-driven workflows within your Azure environment.
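
One way to check for this condition in an ARM template before deployment, as an added example that is not part of the original rule or the project's own code. It assumes the ARM properties `publicNetworkAccess` and `inboundIpRules` on `Microsoft.EventGrid/domains`; the template fragment and resource names are constructed for illustration.

```python
import json

EVENTGRID_DOMAIN = "Microsoft.EventGrid/domains"

# Constructed ARM template fragment (sample input, not from the original page).
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.EventGrid/domains", "name": "orders-public",
     "properties": {"publicNetworkAccess": "Enabled"}},
    {"type": "Microsoft.EventGrid/domains", "name": "orders-default",
     "properties": {}},
    {"type": "Microsoft.EventGrid/domains", "name": "orders-ip-filtered",
     "properties": {"publicNetworkAccess": "Enabled",
                    "inboundIpRules": [{"ipMask": "203.0.113.0/24", "action": "Allow"}]}},
    {"type": "Microsoft.EventGrid/domains", "name": "orders-private",
     "properties": {"publicNetworkAccess": "Disabled"}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "unrelated",
     "properties": {}}
  ]
}
""")


def audit_eventgrid_domains(template):
    """Return (name, finding) for each Event Grid Domain that allows public network access."""
    findings = []
    queue = list(template.get("resources", []))
    while queue:
        res = queue.pop(0)
        queue.extend(res.get("resources", []))  # also visit nested child resources
        if res.get("type", "").lower() != EVENTGRID_DOMAIN.lower():
            continue
        props = res.get("properties") or {}
        # Omitting the property leaves the service default, which is Enabled.
        access = str(props.get("publicNetworkAccess", "Enabled")).lower()
        if access != "enabled":
            continue
        if props.get("inboundIpRules"):
            findings.append((res.get("name"), "public access enabled, limited by inboundIpRules"))
        else:
            findings.append((res.get("name"), "public access enabled, no IP restriction"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_eventgrid_domains(SAMPLE_TEMPLATE):
        print(f"{name}: {finding}")
```

The domain that omits the property is reported as well, because leaving `publicNetworkAccess` unset keeps public access enabled.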