Summary
SSRF vulnerabilities were discovered in four Azure services: unauthenticated SSRF in
Azure Digital Twins Explorer and Azure Functions, and authenticated SSRF in Azure API
Management Service and Azure Machine Learning Service. All four vulnerabilities were
full (non-blind) SSRF. The impact of these vulnerabilities was limited: while they
would have allowed an adversary to scan local ports and find new services, endpoints,
and files; they would not have allowed them to access metadata, connect to internal
services, access unauthorized data, or obtain cross-tenant access.
Affected Services
Azure Machine Learning Service, Azure API Management Service, Azure Functions, Azure Digital Twins Explorer
Remediation
None required
Tracked CVEs
No tracked CVEs
References
https://orca.security/resources/blog/ssrf-vulnerabilities-in-four-azure-services/https://msrc-blog.microsoft.com/2023/01/17/microsoft-resolves-four-ssrf-vulnerabilities-in-azure-cloud-services/https://orca.security/resources/blog/ssrf-vulnerabilities-azure-digital-twins/https://orca.security/resources/blog/ssrf-vulnerabilities-azure-functions-app/https://orca.security/resources/blog/ssrf-vulnerabilities-azure-api-management/https://orca.security/resources/blog/ssrf-vulnerabilities-azure-machine-learning/
Contributed by https://github.com/korniko98
Disclosure Date
Sat, Oct 8th, 2022
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Lidor Ben Shitrit, Orca Security
