Summary
Microsoft Defender for Cloud, Azure’s built-in CSPM, at one point provided customers with a flawed configuration template through its public GitHub repository. In the rare cases in which this template was deployed, Defender for Cloud’s security findings could, under certain limited circumstances, be disclosed to unauthorized third parties.
References
https://www.linkedin.com/pulse/confused-deputy-vulnerability-microsoft-defender-cloud-brandon-evans-9fyge/