Security researchers from Israeli security vendor Ermetic have discovered three vulnerabilities in Microsoft's Azure API Management. Two server-side request forgery (SSRF) vulnerabilities and an unrestricted file upload issue create risks for the Microsoft cloud environment. The vulnerabilities could be abused by malicious actors to gain access to sensitive information or backend services.
Liv Matan of Ermetic published the findings in the blog post When Good APIs Go Bad: Uncovering 3 Azure API Management Vulnerabilities. The vulnerabilities were discovered while analyzing the Azure API for cloud management.
- Two of the issues are server-side request forgery (SSRF) vulnerabilities. By abusing them, attackers could send requests from the service's CORS proxy and from the hosting proxy itself, access internal Azure resources, cause denial of service and bypass web application firewalls.
- The third issue is a path traversal vulnerability in the file upload functionality that allows unrestricted file upload to an internal Azure workload. By traversing out of the intended upload path, attackers could upload malicious files to Azure-hosted internal workloads and to self-hosted developer portals.
The vulnerabilities stemmed from bypasses of the URL formatting checks and from the unrestricted file upload functionality in the API Management developer portal, and could be exploited through Azure's API Management service. All three vulnerabilities were reported to Microsoft by Ermetic and have since been fully patched. Details can be found in the blog post linked above. (via)