SYM_CONF_0098 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Permissive Cross-domain Policy with Untrusted Domains
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-942: Permissive Cross-domain Policy with Untrusted Domains |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The App Service CORS settings list the wildcard origin `*` in `allowedOrigins`, so the platform answers every cross-origin request with `Access-Control-Allow-Origin: *`. Any website can then call the app from a visitor's browser and, unlike under the default same-origin policy, read the responses. The origin allow-list that CORS is meant to provide is effectively switched off, and the app is exposed to whatever cross-origin abuse its endpoints permit.
Impact
A malicious site can call the app's APIs from its visitors' browsers and read the results, so any data the app serves without per-user credentials, or to callers trusted only by network position (private endpoint, IP allow-list, internal VNet), can be harvested cross-origin, and unauthenticated or weakly protected actions can be triggered and their outcome observed. Browsers refuse credentialed responses when the allowed origin is `*`, so cookie-authenticated endpoints are not directly readable this way; that limit is why the rule's confidence, impact and likelihood are rated Low. The wildcard still removes the origin check as a defense-in-depth control and widens the blast radius of any other weakness in the app, increasing the risk of data leaks or account compromise. The fix is an explicit list of trusted HTTPS origins.
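The following is an added example, not part of the original rule text or of the SymbioticSec project: a small audit of an App Service `cors` settings object (the `allowedOrigins` / `supportCredentials` pair found under `properties.cors` in a `Microsoft.Web/sites/config` resource, or in the output of `az webapp cors show`). The two sample configurations are constructed for illustration; the `audit_cors` function and its finding texts are this example's own. Beyond the bare `*` case the rule describes, it also flags the `null` origin, non-HTTPS origins, and entries that are not bare origins and so can never match a browser's `Origin` header.

```python
"""Audit an Azure App Service CORS block for untrusted or ineffective origins.

Added example; the sample configurations below are constructed and do not
come from any real subscription.
"""
from urllib.parse import urlsplit

# Constructed sample: the weak configuration this rule fires on.
WEAK_CORS = {"allowedOrigins": ["*"], "supportCredentials": False}

# Constructed sample: an explicit allow-list of trusted HTTPS origins.
FIXED_CORS = {
    "allowedOrigins": ["https://app.example.com", "https://admin.example.com"],
    "supportCredentials": True,
}


def audit_cors(cors: dict) -> list[str]:
    """Return a list of findings for a `cors` settings object.

    An empty list means every entry is a trusted, exactly-matchable origin.
    """
    findings: list[str] = []
    origins = cors.get("allowedOrigins") or []
    creds = bool(cors.get("supportCredentials", False))

    if "*" in origins:
        findings.append(
            "wildcard origin '*' lets any website read responses (CWE-942)"
        )
        if creds:
            # Browsers reject Access-Control-Allow-Origin: * on credentialed
            # responses, so this combination is both unsafe in intent and broken.
            findings.append(
                "supportCredentials=true combined with '*' is rejected by browsers "
                "and signals an intent to expose authenticated endpoints cross-origin"
            )

    for origin in origins:
        if origin == "*":
            continue  # already reported above
        if origin.lower() == "null":
            # Sandboxed iframes, data: URLs and some redirects produce Origin: null,
            # so allowing it is equivalent to trusting attacker-controlled content.
            findings.append("'null' origin is attacker-controllable and must not be allowed")
            continue
        parts = urlsplit(origin)
        if parts.scheme != "https":
            findings.append(
                f"non-HTTPS origin {origin!r}: an on-path attacker can impersonate it"
            )
        if parts.path or parts.query or parts.fragment:
            # The Origin header is exactly scheme://host[:port], with no path or
            # trailing slash; an entry with either will never match and is dead config.
            findings.append(
                f"{origin!r} is not a bare origin (scheme://host[:port]) and will never match"
            )
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CORS), ("fixed", FIXED_CORS)):
        print(label, audit_cors(cfg) or "OK")
```

To remediate on a live app with the Azure CLI, remove the wildcard and add the explicit origins: `az webapp cors remove -g <rg> -n <app> --allowed-origins '*'` followed by `az webapp cors add -g <rg> -n <app> --allowed-origins https://app.example.com`. Only turn on `supportCredentials` once the list contains no wildcard.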