wiz-sec / open-cvdb

An open project to list all publicly known cloud vulnerabilities and CSP security issues
https://cloudvulndb.org
Creative Commons Attribution 4.0 International

[Contribution] Exploiting The Azure Management API For App Services #186

Closed: chrihala closed 1 year ago

chrihala commented 1 year ago

Summary (give a brief description of the issue)

Binary Security found two vulnerabilities in legacy App Service APIs. One of these allowed an attacker with Reader access to an Azure Function on a Windows host to get an admin token and deploy malicious code to the function. The other allowed an attacker with Reader access to an Azure App Service to read all process environment variables, including Key Vault references.

References (provide links to blogposts, etc.)

https://binarysecurity.no/posts/2023/06/function-apps-rce

korniko98 commented 1 year ago

I mistakenly closed this as a duplicate - sorry!