low

App Runner cross-tenant observability config info leak

Published Mon, Apr 3rd, 2023

Platforms

Summary

The API action ListObservabilityConfigurationsForAccount did not properly validate the "AccountId" parameter that was passed to it. As a result, any account ID could be provided and the API would return the information for that account. This would leak minor information about the observability configuration for App Runner in the account.

Affected Services

App Runner

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://frichetten.com/blog/minor-cross-tenant-vulns-app-runner

Contributed by https://github.com/frichetten

Entry Status

Finalized

Disclosure Date

Tue, Feb 28th, 2023

Exploitablity Period

Until 2023/03/13

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Nick Frichette

More vulnerabilities...

critical

Azure on-premises data gateway cross-tenant access

Azure on-premises data gateway allows data transfer between an on-prem customer network and several Azure cloud services, and also enables a connected agent installed locally in an on-prem network ...

Nick Landers, NetSPI

Thu, Mar 30th, 2023

high

RCE vulnerability in Azure Pipelines

Legit Security found an RCE vulnerability in Azure Pipelines that could have allowed an attacker to gain complete control of variables and tasks by exploiting logging commands. This would have enab...

Nadav Noy, Legit Security

Thu, Mar 30th, 2023

high

Azure Function Apps privilege escalation

Undocumented APIs used by the Azure Function Apps Portal could have allowed an attacker with existing access to a Reader role on a Function App to escalate their privileges and gain write permissio...

Karl Fosaaen, NetSPI

Thu, Mar 23rd, 2023

View all