azure-storage-cross-tenant-replication-disabled: Azure Storage Cross-Tenant Replication Disabled

日期: 2025-08-01 | 影响软件: Azure Storage | POC: 已公开

漏洞描述

Ensure that the Cross-Tenant Replication feature is disabled for your Azure Storage accounts in order to prevent object replication across Microsoft Entra tenants. Cross-Tenant Replication enables replication of data across different Microsoft Entra tenants, allowing for redundancy and disaster recovery across organizational boundaries. Although advantageous for data accessibility and sharing, this feature also poses a significant security risk if not properly managed. Potential risks include unauthorized data access, data leakage, and compliance breaches.

PoC代码[已公开]

id: azure-storage-cross-tenant-replication-disabled
info:
  name: Azure Storage Cross-Tenant Replication Disabled
  author: princechaddha
  severity: high
  description: |
    Ensure that the Cross-Tenant Replication feature is disabled for your Azure Storage accounts in order to prevent object replication across Microsoft Entra tenants. Cross-Tenant Replication enables replication of data across different Microsoft Entra tenants, allowing for redundancy and disaster recovery across organizational boundaries. Although advantageous for data accessibility and sharing, this feature also poses a significant security risk if not properly managed. Potential risks include unauthorized data access, data leakage, and compliance breaches.
  impact: |
    Enabled Cross-Tenant Replication can lead to unauthorized data access and data leakage, posing significant security and compliance risks.
  remediation: |
    Disable the Cross-Tenant Replication feature for Azure Storage accounts to ensure data is not replicated across different Microsoft Entra tenants without authorization.
  reference:
    - https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
  tags: cloud,devops,azure,microsoft,storage,azure-cloud-config

flow: |
  code(1);
  for (let StorageAccount of iterate(template.storageAccountList)) {
    StorageAccount = JSON.parse(StorageAccount);
    set("name", StorageAccount.Name);
    code(2);
  }

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az storage account list --query '[*].{"Name":name}'

    extractors:
      - type: json
        name: storageAccountList
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      az storage account show --name "$name" --query 'allowCrossTenantReplication'

    matchers:
      - type: word
        words:
          - 'true'

    extractors:
      - type: dsl
        dsl:
          - '"Cross-Tenant Replication is enabled for " + name + ", posing a security risk"'
# digest: 4b0a00483046022100ef0f1360870fe2845c40b84a1de7171a6612e371a0176675ced7d4fda7a1c4b5022100815143249c65ce85f872d8dd949c933cbb762d39fcf3e6bde403920f9c5aee75:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./cloud/azure/storageaccounts/azure-storage-cross-tenant-replication-disabled.yaml

相关漏洞推荐