SYM_CONF_0069 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-284: Improper Access Control |
OWASP | A05:2017 - Broken Access Control |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
The storage account is configured to allow public access to blobs, which means anyone on the internet can read data without authentication. This setting exposes sensitive files and data to unauthorized users.
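One way to check for this setting in an ARM template before deployment, as an added example that is not the rule's own implementation. It assumes the account-level `allowBlobPublicAccess` property and the container-level `publicAccess` property of the `Microsoft.Storage` resource types; the template, resource names and function name are constructed for illustration, and only top-level resources are inspected.

```python
import json

# Constructed ARM template fragment (sample input, not taken from the page).
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.Storage/storageAccounts", "name": "examplepublic",
     "properties": {"allowBlobPublicAccess": true}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "examplelocked",
     "properties": {"allowBlobPublicAccess": false}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "exampleunset",
     "properties": {}},
    {"type": "Microsoft.Storage/storageAccounts/blobServices/containers",
     "name": "examplepublic/default/reports",
     "properties": {"publicAccess": "Blob"}}
  ]
}
""")

ACCOUNT = "microsoft.storage/storageaccounts"
CONTAINER = ACCOUNT + "/blobservices/containers"


def find_public_blob_access(template):
    """Return (resource name, finding) pairs for settings that permit anonymous blob reads."""
    findings = []
    for res in template.get("resources", []):
        rtype = str(res.get("type", "")).lower()
        props = res.get("properties") or {}
        name = res.get("name", "<unnamed>")
        if rtype == ACCOUNT:
            allow = props.get("allowBlobPublicAccess")
            if allow is True:
                findings.append((name, "allowBlobPublicAccess is true"))
            elif allow is None:
                # Assumption: report an unset value so the intent is made explicit.
                findings.append((name, "allowBlobPublicAccess is not set"))
        elif rtype == CONTAINER:
            level = str(props.get("publicAccess", "None"))
            if level.lower() in ("blob", "container"):
                findings.append((name, f"container publicAccess is {level}"))
    return findings


if __name__ == "__main__":
    for name, finding in find_public_blob_access(SAMPLE_TEMPLATE):
        print(f"{name}: {finding}")
```

A value supplied through a template expression or parameter is not resolved here, so such accounts need the resolved parameter file checked as well.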
Impact
If exploited, attackers or unauthorized individuals could access, download, or leak confidential data stored in the Azure Storage Account. This could lead to data breaches, compliance violations, and damage to the organization's reputation.