azure-storage-public-access: Azure Storage Publicly Accessible Web Containers

日期: 2025-08-01 | 影响软件: Azure Storage | POC: 已公开

漏洞描述

Ensure that the Microsoft Azure storage container where the exported activity log files are saved is not publicly accessible from the Internet, in order to avoid exposing sensitive data and minimize security risks.

PoC代码[已公开]

id: azure-storage-public-access
info:
  name: Azure Storage Publicly Accessible Web Containers
  author: princechaddha
  severity: high
  description: |
    Ensure that the Microsoft Azure storage container where the exported activity log files are saved is not publicly accessible from the Internet, in order to avoid exposing sensitive data and minimize security risks.
  impact: |
    If the storage container is publicly accessible, sensitive data contained within the activity log files can be accessed by anyone, thus increasing the risk of data breaches and unauthorized access.
  remediation: |
    Ensure that the Azure storage containers storing activity log files are configured to deny public access. Review and modify the public access settings of your storage accounts to protect sensitive data.
  reference:
    - https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
  tags: cloud,devops,azure,microsoft,storage,azure-cloud-config

flow: |
  code(1);
  for (let subName of iterate(template.subscriptionNames)) {
    set("subName", subName);
    code(2);
    for (let containerDetails of iterate(template.containerDetails)) {
      set("containerDetails", containerDetails);
      code(3);
    }
  }

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: |
      az monitor diagnostic-settings subscription list --query 'value[*].name'

    extractors:
      - type: json
        name: subscriptionNames
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      az monitor diagnostic-settings subscription show --name "$subName" --query 'storageAccountId'

    extractors:
      - type: json
        name: containerDetails
        internal: true
        json:
          - '.'

  - engine:
      - sh
      - bash
    source: |
      az storage container show --account-name $containerDetails --name insights-operational-logs --query 'properties.publicAccess'

    matchers:
      - type: word
        words:
          - 'container'

    extractors:
      - type: dsl
        dsl:
          - 'subName + " storage container insights-operational-logs is publicly accessible"'
# digest: 4a0a00473045022100b3f568a23f1ad0b86badce71051ebc1098405921346e0d7972df8ad1d8b31395022062b246e7e0341958e4bd97250a7aef17d07ff7021792783ef95c1ef5f458cff3:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./cloud/azure/storageaccounts/azure-storage-public-access.yaml

相关漏洞推荐