azure-keyvault-network-unrestricted: Unrestricted Network Access to Azure Key Vaults

日期: 2025-08-01 | 影响软件: azure key vault | POC: 已公开

漏洞描述

Ensure that your Microsoft Azure Key Vaults are configured to deny access to traffic from all networks (including the public Internet). By restricting the public access to your Azure Key Vaults, you add an important layer of security, since the default action is to accept connections from clients on any network. To limit access to trusted networks and/or IP addresses, you must change the Key Vault firewall default action from "Allow" to "Deny" and configure the appropriate access.

PoC代码[已公开]

id: azure-keyvault-network-unrestricted
info:
  name: Unrestricted Network Access to Azure Key Vaults
  author: princechaddha
  severity: medium
  description: |
    Ensure that your Microsoft Azure Key Vaults are configured to deny access to traffic from all networks (including the public Internet). By restricting the public access to your Azure Key Vaults, you add an important layer of security, since the default action is to accept connections from clients on any network. To limit access to trusted networks and/or IP addresses, you must change the Key Vault firewall default action from "Allow" to "Deny" and configure the appropriate access.
  impact: |
    Allowing unrestricted access from all networks to Azure Key Vaults can expose sensitive data and increase the risk of unauthorized access.
  remediation: |
    Modify Key Vault network settings to deny access from all networks by default. Configure network rules to allow access only from specific trusted IPs or networks.
  reference:
    - https://docs.microsoft.com/en-us/azure/key-vault/general/network-security
  tags: cloud,devops,azure,microsoft,keyvault,azure-cloud-config

flow: |
  code(1);
  for (let VaultData of iterate(template.vaultNames)) {
    set("vaultName", VaultData)
    code(2)
  }

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az keyvault list --query '[*].name' --output json

    extractors:
      - type: json
        name: vaultNames
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      az keyvault show --name $vaultName --query 'properties.publicNetworkAccess' --output tsv

    matchers:
      - type: word
        words:
          - 'Enabled'
          - ''

    extractors:
      - type: dsl
        dsl:
          - 'vaultName + " is configured to allow unrestricted Key Vault network access"'
# digest: 490a0046304402202235e2154b8f07704fc4c2d1c908bfa81bed50c8e1e810045f98dfde26b1ecd6022079a2551d6e4708fab8d25470394d4e9389b3fa624f2840652adcfc7c8a779b3e:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./cloud/azure/keyvault/azure-keyvault-network-unrestricted.yaml

相关漏洞推荐