azure-apim-public-access-disabled: Azure API Management Public Network Access Disabled with Private Endpoint

日期: 2025-08-01 | 影响软件: Azure API Management | POC: 已公开

漏洞描述

Azure API Management services configured with a private endpoint should not be publicly accessible to enhance security by ensuring that the API service instance is only accessible from within your private network, over Azure Private Link, limiting exposure to potential external threats and unauthorized access.

PoC代码[已公开]

id: azure-apim-public-access-disabled
info:
  name: Azure API Management Public Network Access Disabled with Private Endpoint
  author: princechaddha
  severity: high
  description: |
    Azure API Management services configured with a private endpoint should not be publicly accessible to enhance security by ensuring that the API service instance is only accessible from within your private network, over Azure Private Link, limiting exposure to potential external threats and unauthorized access.
  impact: |
    If public network access is enabled for Azure API Management services with a private endpoint, it may expose sensitive APIs to external threats and unauthorized access, potentially leading to data breaches and other security vulnerabilities.
  remediation: |
    Disable public network access for Azure API Management services that are configured with a private endpoint to ensure they are only accessible via Azure Private Link within the private network.
  reference:
    - https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-private-link
  tags: cloud,devops,azure,microsoft,api-management,azure-cloud-config

flow: |
  code(1);
  for (let ServiceData of iterate(template.serviceList)) {
    ServiceData = JSON.parse(ServiceData);
    set("name", ServiceData.name);
    set("resourceGroup", ServiceData.resourceGroup);
    code(2);
  }

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az apim list --output json --query '[*].{name:name, resourceGroup:resourceGroup}'

    extractors:
      - type: json
        name: serviceList
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      az apim show --name "$name" --resource-group "$resourceGroup" --query 'publicNetworkAccess'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'Enabled'

    extractors:
      - type: dsl
        dsl:
          - 'name + " in resource group " + resourceGroup + " has public network access enabled, which should be disabled."'
# digest: 4b0a00483046022100bf15fa0002933bde6ac8ba0bae3ee5ce1d9dbd5e770004eebcf4ca264ba6d8a5022100e785cb093325de88f650534b1a26d4e2bb0d5e533e53f1d5fb0351056cf1e56c:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./cloud/azure/apimanagement/azure-apim-public-access-disabled.yaml

相关漏洞推荐