high

Azure API Connections Expose Backend Secrets

Published Mon, Mar 10th, 2025
Platforms

Summary

Azure API Connections were found to allow any reader on a subscription to access backend resources through a proxy endpoint, potentially exposing secrets from Key Vaults, databases, and third-party services. This vulnerability affects various Azure services and external APIs, enabling privilege escalation and unauthorized access to sensitive information.

Affected Services

Logic Apps, Key Vault, SQL Database, Jira, Salesforce, Storage Blobs, Defender ATP

Remediation

None required. Microsoft has fixed the vulnerability by restricting access to the /extensions/proxy endpoint.

Tracked CVEs

No tracked CVEs

References

Entry Status
Stub (AI-Generated)
Disclosure Date
Mon, Jan 6th, 2025
Exploitability Period
Until 2025/01/17
Known ITW Exploitation
-
Detection Methods
Monitor for unexpected or unauthorized access attempts to API Connections. Review Azure Activity Logs for suspicious queries to the management.azure.com endpoint, especially those targeting the /extensions/proxy path.
Piercing Index Rating
-
Discovered by
Haakon Holm Gulbrandsrud, Binary Security AS
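
One way to run the log review described under Detection Methods, as an added example that is not part of the original entry: it flags requests to management.azure.com whose path targets the /extensions/proxy path of an API Connection (ARM resource type Microsoft.Web/connections) and groups them by caller. The record keys (`caller`, `uri`), the caller allowlist and all sample values are constructed assumptions, not the Azure Activity Log schema.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# ARM request path for the proxy extension of an API Connection.
PROXY_RE = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/Microsoft\.Web/connections/(?P<conn>[^/]+)"
    r"/extensions/proxy(?:/|$)",
    re.IGNORECASE,  # ARM resource paths are case-insensitive
)

def find_proxy_requests(records, allowed_callers=frozenset()):
    """Return {caller: [connection names]} for proxy-path requests.

    records: dicts with hypothetical keys 'caller' and 'uri' (assumed names).
    allowed_callers: lowercase identities expected to use the proxy path.
    """
    hits = defaultdict(set)
    for rec in records:
        url = urlsplit(rec.get("uri", ""))
        # Only management-plane requests are of interest here.
        if (url.hostname or "").lower() != "management.azure.com":
            continue
        match = PROXY_RE.match(url.path)
        caller = rec.get("caller", "unknown")
        if match and caller.lower() not in allowed_callers:
            hits[caller].add(match.group("conn"))
    return {caller: sorted(conns) for caller, conns in hits.items()}

# Constructed sample records (not real log data); names are placeholders.
SUB = "00000000-0000-0000-0000-000000000000"
BASE = (f"https://management.azure.com/subscriptions/{SUB}"
        "/resourceGroups/rg-demo/providers/Microsoft.Web/connections")
SAMPLE = [
    {"caller": "reader@example.com", "uri": f"{BASE}/keyvault-conn/extensions/proxy/example-path"},
    {"caller": "reader@example.com", "uri": f"{BASE}/sql-conn/EXTENSIONS/PROXY/example-path"},
    {"caller": "ops@example.com", "uri": f"{BASE}/keyvault-conn?api-version=PLACEHOLDER"},
    {"caller": "svc-app@example.com", "uri": f"{BASE}/keyvault-conn/extensions/proxy/example-path"},
    {"caller": "x@example.com", "uri": f"https://example.org/subscriptions/{SUB}/resourceGroups/rg-demo"
                                       "/providers/Microsoft.Web/connections/c/extensions/proxy/p"},
]

if __name__ == "__main__":
    for caller, conns in find_proxy_requests(SAMPLE, {"svc-app@example.com"}).items():
        print(f"{caller}: proxy-path requests to {', '.join(conns)}")
```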