SYM_CONF_0065 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Blob storage containers in Azure are configured without explicitly setting their access level to 'private', which may leave them open to public access. This means anyone on the internet could potentially read or list blobs stored in the container.
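One way to check for this condition, as an added example that is not the rule's or the project's own code. It assumes the containers are declared in an ARM template as `Microsoft.Storage/storageAccounts/blobServices/containers` resources, where the private level is `publicAccess` set to `None`; the function name and the sample template are constructed for illustration.

```python
import json

CONTAINER_TYPE = "microsoft.storage/storageaccounts/blobservices/containers"

# Constructed sample ARM template (not from the page); all names are made up.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.Storage/storageAccounts/blobServices/containers",
     "name": "acct/default/logs",
     "properties": {"publicAccess": "None"}},
    {"type": "Microsoft.Storage/storageAccounts/blobServices/containers",
     "name": "acct/default/uploads",
     "properties": {"publicAccess": "Blob"}},
    {"type": "Microsoft.Storage/storageAccounts",
     "name": "acct",
     "resources": [
       {"type": "blobServices", "name": "default",
        "resources": [
          {"type": "containers", "name": "exports", "properties": {}}
        ]}
     ]}
  ]
}
""")


def find_nonprivate_containers(resources, parent_type=""):
    """Return (name, access) for containers not explicitly set to private.

    Assumption: ARM template input, where the private level is publicAccess
    "None" and "Blob" / "Container" permit anonymous access. A missing value
    is reported as "<unset>" because the level was not set explicitly.
    """
    findings = []
    for res in resources:
        rtype = res.get("type", "")
        # Nested child resources carry only their last type segment.
        full_type = f"{parent_type}/{rtype}" if parent_type else rtype
        if full_type.lower() == CONTAINER_TYPE:
            access = res.get("properties", {}).get("publicAccess")
            if access is None or access.lower() != "none":
                findings.append((res.get("name", "?"), access or "<unset>"))
        findings += find_nonprivate_containers(res.get("resources", []), full_type)
    return findings


if __name__ == "__main__":
    for name, access in find_nonprivate_containers(SAMPLE_TEMPLATE["resources"]):
        print(f"{name}: publicAccess={access}")
```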
Impact
If exploited, sensitive data stored in the affected blob containers could be exposed to unauthorized users or the public. Attackers could access, download, or enumerate files, leading to data leaks, privacy breaches, and potential regulatory violations.