high

Control plane bypass in Azure OpenAI

Published Tue, Dec 12th, 2023
Platforms

Summary

A method of managing Azure OpenAI deployments through the Data Plane was discovered that bypasses key security controls. It allows deployments to be created, modified, or deleted without the usual protections of Resource Manager Locks, Azure Policy, and Entra ID authentication.

Affected Services

OpenAI

Remediation

Avoid using the Azure AI Developer built-in role. Add the affected OpenAI deployment operations to the NotDataActions section of applicable Role Definitions.

Tracked CVEs

No tracked CVEs

References

Entry Status
Stub (AI-Generated)
Disclosure Date
Tue, Oct 24th, 2023
Exploitability Period
Until 2024/04/02
Known ITW Exploitation
-
Detection Methods
Monitor for unexpected changes to Azure OpenAI deployments, especially those made via the data plane APIs. Review role assignments and custom roles for overly permissive OpenAI permissions.
Piercing Index Rating
-
Discovered by
Tyson Garrett, TrustOnCloud