Researchers Discover 3 Vulnerabilities in Microsoft's Azure API Management Service

Three new security vulnerabilities have been disclosed in Microsoft's Azure API Management service that could be abused by malicious actors to gain access to sensitive information or backend services.

According to Israeli cloud security firm Ermetic, these include two Server-Side Request Forgery (SSRF) vulnerabilities and an instance of an unrestricted file upload function in the API Management developer portal.

"By abusing the SSRF vulnerability, an attacker can send requests from the service's CORS proxy and the hosting proxy itself, access Azure internal assets, deny service and bypass web application firewalls," security researcher Liv Matan said in a report shared with The Hacker News.

"Through file upload path traversal, attackers can upload malicious files to Azure's hosted internal workloads."

Azure API Management is a multi-cloud management platform that allows organizations to securely expose their APIs to external and internal customers and enable a broad connected experience.

One of the two SSRF vulnerabilities discovered by Ermetic bypasses a fix Microsoft implemented to address a similar vulnerability reported by Orca earlier this year. The other SSRF vulnerability exists in the API Management proxy function.

Exploitation of SSRF vulnerabilities could lead to loss of confidentiality and integrity, allowing threat actors to read internal Azure resources and execute unauthorized code.


On the other hand, the path traversal flaw found in the developer portal stems from a lack of validation of the file type and path of uploaded files.

An authenticated user could exploit this vulnerability to upload malicious files to the developer portal server and possibly even execute arbitrary code on the underlying system.
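The report attributes the portal flaw to two missing checks, file type and path validation on upload. The gate below is an added example of those two checks in front of a write to an upload directory; it is not Ermetic's or Microsoft's code, and the upload root and extension allowlist are assumed values.

```python
import posixpath
from urllib.parse import unquote

UPLOAD_ROOT = "/srv/portal/uploads"                              # assumed location
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".pdf"}   # assumed policy


def safe_upload_path(client_name, upload_root=UPLOAD_ROOT, allowed=ALLOWED_EXTENSIONS):
    """Return the path the upload may be written to, or None when the
    client-supplied name must be rejected."""
    # Decode once so an encoded "../" (%2e%2e%2f) is checked as a real one;
    # a name that decodes a second time was double-encoded, so refuse it.
    name = unquote(client_name)
    if not name or unquote(name) != name:
        return None
    # A NUL byte can truncate the name in lower layers (logo.png%00.php).
    if "\x00" in name:
        return None
    # Backslashes are separators on Windows hosts; treat them the same way.
    name = name.replace("\\", "/")
    # The client may only name a file, never a directory: any separator left
    # after decoding means a traversal or absolute-path attempt.
    if "/" in name or name in (".", ".."):
        return None
    # File-type check: case-insensitive extension allowlist. A double
    # extension such as shell.php.png passes here, so a content sniff on the
    # bytes should back this up in a real handler.
    ext = posixpath.splitext(name)[1].lower()
    if ext not in allowed:
        return None
    # Belt and braces: normalise the joined path and confirm it still sits
    # directly inside the upload root.
    root = posixpath.normpath(upload_root)
    final = posixpath.normpath(posixpath.join(root, name))
    if posixpath.dirname(final) != root:
        return None
    return final
```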

After responsible disclosure, Microsoft has patched all three vulnerabilities.

A few weeks ago, Orca researchers detailed a "design flaw" in Microsoft Azure that could allow attackers to gain access to storage accounts, move laterally within the environment, and even execute remote code.

Prior to this, Microsoft also discovered another Azure vulnerability called EmojiDeploy, which could allow attackers to take control of targeted applications.

Disclaimer: The relevant information in this article comes from Thehackernews, the copyright belongs to the author, and the purpose of reprinting is to convey more information. If there is any infringement, please contact this site to delete.

Origin blog.csdn.net/lavin1614/article/details/130584146