SYM_CONF_0071 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Azure Container Group resource is not configured to use a virtual network. This means containers are deployed without network isolation, exposing them directly to the public internet.
Impact
Without a virtual network, containers are vulnerable to unauthorized network access, increasing the risk of attacks such as data exfiltration or service disruption. Attackers could exploit this to access sensitive resources or compromise workloads within your Azure environment.