The Linux containers in Azure Function Apps utilize an encrypted start up context file hosted in Azure Storage Accounts The Storage Account URL and the decryption key are stored in the container environmental variables and are available to anyone with the ability to execute commands in the container This startup context can be decrypted to expose sensitive data about the Function App, including the certificates for any attached Managed Identities, allowing an attacker to gain persistence as the Managed Identity. As of the November 11, 2023, this issue has been fully addressed by Microsoft.
Summary (give a brief description of the issue)
The Linux containers in Azure Function Apps utilize an encrypted start up context file hosted in Azure Storage Accounts The Storage Account URL and the decryption key are stored in the container environmental variables and are available to anyone with the ability to execute commands in the container This startup context can be decrypted to expose sensitive data about the Function App, including the certificates for any attached Managed Identities, allowing an attacker to gain persistence as the Managed Identity. As of the November 11, 2023, this issue has been fully addressed by Microsoft.
References (provide links to blogposts, etc.)
https://www.netspi.com/blog/technical/cloud-penetration-testing/mistaken-identity-azure-function-apps/