high

Control plane bypass in Azure OpenAI

Published Tue, Dec 12th, 2023

Platforms

azure

Summary

Azure OpenAI deployments could be created, modified and deleted through the Data Plane API, which bypassed controls that are enforced only on the Azure Resource Manager (control plane) path: Resource Manager locks, Azure Policy, and Entra ID authentication. A caller with data-plane access to the resource could therefore change deployments that the control-plane protections were meant to guard.

Affected Services

OpenAI

Remediation

Avoid assigning the Azure AI Developer built-in role. For roles that must keep other OpenAI data-plane permissions, add the affected OpenAI deployment operations to the NotDataActions section of the applicable role definitions so that the deployment management calls are excluded from what the role grants.

Tracked CVEs

No tracked CVEs

References

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Tue, Oct 24th, 2023

Exploitability Period

Until 2024/04/02

Known ITW Exploitation

-

Detection Methods

Monitor for unexpected changes to Azure OpenAI deployments, in particular creations, modifications and deletions made through the data-plane APIs rather than through Azure Resource Manager. Review role assignments and custom role definitions for overly broad OpenAI data actions (wildcards such as those granted by the Azure AI Developer role) that are not narrowed by a matching NotDataActions entry.
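The role-definition review can be scripted. The following is an added example, not code from the advisory or from TrustOnCloud: it takes role definitions in the shape returned by `az role definition list` and reports which roles effectively grant the OpenAI deployment data-plane operations, applying Azure RBAC wildcard semantics (`*` matches any run of characters including `/`, comparison is case-insensitive) and honouring NotDataActions exclusions. The operation names in `OPENAI_DEPLOYMENT_DATA_OPS` are assumptions chosen for illustration, and the role definitions are constructed sample data, not real tenant output.

```python
import json
import re

# Assumed names for the data-plane deployment operations (illustrative, not
# taken from the advisory; verify against your tenant's provider operations).
OPENAI_DEPLOYMENT_DATA_OPS = (
    "Microsoft.CognitiveServices/accounts/OpenAI/deployments/write",
    "Microsoft.CognitiveServices/accounts/OpenAI/deployments/delete",
)

# Constructed sample in the shape returned by `az role definition list`.
SAMPLE_ROLE_DEFINITIONS_JSON = """
[
  {"roleName": "Broad AI Developer (constructed)",
   "permissions": [{"actions": [], "notActions": [],
                    "dataActions": ["Microsoft.CognitiveServices/*"],
                    "notDataActions": []}]},
  {"roleName": "OpenAI Inference Only (constructed)",
   "permissions": [{"actions": [], "notActions": [],
                    "dataActions": ["Microsoft.CognitiveServices/accounts/OpenAI/*"],
                    "notDataActions": [
                      "Microsoft.CognitiveServices/accounts/OpenAI/deployments/write",
                      "Microsoft.CognitiveServices/accounts/OpenAI/deployments/delete"]}]},
  {"roleName": "Deployment Writer (constructed)",
   "permissions": [{"actions": [], "notActions": [],
                    "dataActions": ["microsoft.cognitiveservices/accounts/openai/deployments/write"],
                    "notDataActions": []}]},
  {"roleName": "Control Plane Reader (constructed)",
   "permissions": [{"actions": ["Microsoft.CognitiveServices/accounts/read"], "notActions": [],
                    "dataActions": [], "notDataActions": []}]}
]
"""


def action_matches(pattern: str, operation: str) -> bool:
    """Azure RBAC wildcard semantics: '*' matches any run of characters
    (including '/'), and the comparison is case-insensitive."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, operation, re.IGNORECASE) is not None


def role_allows_data_op(role: dict, operation: str) -> bool:
    """A data operation is effectively granted when some dataActions entry
    matches it and no notDataActions entry excludes it. Entries from all
    permission blocks of the role are considered together."""
    granted = excluded = False
    for perm in role.get("permissions", []):
        granted |= any(action_matches(p, operation) for p in perm.get("dataActions", []))
        excluded |= any(action_matches(p, operation) for p in perm.get("notDataActions", []))
    return granted and not excluded


def find_roles_granting(role_definitions, operations=OPENAI_DEPLOYMENT_DATA_OPS):
    """Map role name -> list of deployment operations the role effectively grants."""
    findings = {}
    for role in role_definitions:
        ops = [op for op in operations if role_allows_data_op(role, op)]
        if ops:
            findings[role["roleName"]] = ops
    return findings


def audit_sample():
    """Run the check over the constructed sample role definitions."""
    return find_roles_granting(json.loads(SAMPLE_ROLE_DEFINITIONS_JSON))


if __name__ == "__main__":
    for name, ops in audit_sample().items():
        print(f"{name}: grants {', '.join(ops)}")
```

Roles that appear in the output are candidates for the remediation above: either replace them with a narrower role or add the flagged operations to their NotDataActions. Feed real data by replacing the sample string with the JSON output of `az role definition list --custom-role-only false`.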

Piercing Index Rating

-

Discovered by

Tyson Garrett, TrustOnCloud