Azue Health privilege escalation via SSRF

Brandon Evans, Eric Johnson

Microsoft Defender for Cloud at one point provided customers with a flawed configuration template through their public GitHub repository. This template creates resources in the customer's AWS account so that Microsoft Defender for Cloud can scan it. In the rare cases in which this template was deployed, under certain, limited circumstances, Defender for Cloud's security findings for these AWS accounts could be disclosed to unauthorized third parties.


Azue Health privilege escalation via SSRF

Summary

Affected Services

Tracked CVEs

References

More vulnerabilities...

Azue Health privilege escalation via SSRF

Tenable

Azue Health privilege escalation via SSRF

Tenable

Unauthorized Access to AWS Account Findings in Microsoft Defender for Cloud

Brandon Evans, Eric Johnson