Summary
Binary Security found two vulnerabilities in the legacy Azure Resource Manager (ARM) REST API.
The first vulnerability allowed an attacker with Reader access to an Azure Function, acting from
a Windows host, to get an admin token that could be exchanged for a master key granting access
to all operations in Kudu (the Functions deployment service). This would allow them to tamper
with the function by deploying malicious code to it. The other vulnerability allowed an attacker
with Reader access to an Azure App Service to read all process environment variables, including
Key Vault references. For Azure Functions, this would result in complete compromise of the app.
Affected Services
Azure Resource Manager (ARM), Azure Functions, Azure App Services
Remediation
None required.
Tracked CVEs
No tracked CVEs
References
Contributed by https://github.com/chrihala
Disclosure Date
Fri, Apr 28th, 2023
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Haakon Holm Gulbrandsrud, Christian August Holm Hansen, Binary Security
