2023. szep. 18.
Biztonsági szemle
Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token
Summary As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. This URL included an overly-permissive Shared Access Signature (SAS) token for an internal storage account.
Tovább