azure-openai-private-endpoints-unconfigured: Azure OpenAI Service Instances Not Using Private Endpoints

日期: 2025-08-01 | 影响软件: Azure OpenAI Service | POC: 已公开

漏洞描述

To reduce the risk of exposure to external threats and strengthens overall security for your Azure OpenAI interactions, ensure that your Azure OpenAI service instances are accessed exclusively through private endpoint connections.

PoC代码[已公开]

id: azure-openai-private-endpoints-unconfigured
info:
  name: Azure OpenAI Service Instances Not Using Private Endpoints
  author: princechaddha
  severity: high
  description: |
    To reduce the risk of exposure to external threats and strengthens overall security for your Azure OpenAI interactions, ensure that your Azure OpenAI service instances are accessed exclusively through private endpoint connections.
  impact: |
    Not using private endpoints for OpenAI service instances can expose them to external threats, compromising the security of your Azure environment.
  remediation: |
    Configure all Azure OpenAI service instances to use private endpoints to enhance security and ensure that these instances are not accessible over the public internet.
  reference:
    - https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview
  tags: cloud,devops,azure,microsoft,openai,azure-cloud-config

flow: |
  code(1);
  for (let ServiceInstance of iterate(template.serviceList)) {
    ServiceInstance = JSON.parse(ServiceInstance);
    set("name", ServiceInstance.Name);
    set("resourceGroup", ServiceInstance.ResourceGroup);
    code(2);
  }

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az cognitiveservices account list --output json --query '[?(kind==`OpenAI`)].{Name:name, ResourceGroup:resourceGroup}'

    extractors:
      - type: json
        name: serviceList
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      az cognitiveservices account show --name "$name" --resource-group "$resourceGroup" --query 'properties.privateEndpointConnections'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '[]'

    extractors:
      - type: dsl
        dsl:
          - 'name + " in " + resourceGroup + " does not have private endpoint connections configured"'
# digest: 4b0a00483046022100fbffb2e6b093f781b961d876c19d527e0576808972d3b89b382cdb0272353f36022100947e6a2cf9934afc9b45991b207123cbedf3dd00437555c2aa7be081f3397a36:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./cloud/azure/aiservices/azure-openai-private-endpoints-unconfigured.yaml