SYM_CONF_0078 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The Azure Cognitive Search service is configured to allow public network access, making it accessible from the internet. This can expose sensitive data and operations to unauthorized users.
Impact
If public access is enabled, attackers could connect to the search service from anywhere, potentially leading to data leaks, manipulation of search indexes, or unauthorized access to sensitive information. This increases the risk of breaches and non-compliance with security standards.