Do not grant public access on storage containers
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | HIGH | Azure | NETWORK |
Description
Storage containers are private by default. However, it is possible to grant public access to them, either for blobs, containers, or both. This is not recommended as it makes attacks easier, and should only be done if absolutely required.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | True | False | False |
Data in the storage container could be exposed publicly. The container may be vulnerable to DDoS (Distributed Denial-of-Service) attacks.
Remediation guidelines
Set the container_access_type
property to private
.
Do not fill in the publicAccess
property.