Do not grant public access on storage containers

Severity	Exploitability	Providers	Categories
HIGH	HIGH	Azure	NETWORK

Description

Storage containers are private by default. However, it is possible to grant public access to them, either for blobs, containers, or both. This is not recommended as it makes attacks easier, and should only be done if absolutely required.

Impact

Potential data exposure	Visible in logs	User interaction required	Privileges required
True	True	False	False

Data in the storage container could be exposed publicly. The container may be vulnerable to DDoS (Distributed Denial-of-Service) attacks.

Remediation guidelines

Set the container_access_type property to private. Do not fill in the publicAccess property.

References

Configure anonymous public read access for containers and blobs
Remediate anonymous public read access to blob data

Do not grant public access on storage containers

Description

Impact

Remediation guidelines

References

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Do not grant public access on storage containers

Description​

Impact​

Remediation guidelines​

References​

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Subscribe to our newsletter

Description

Impact

Remediation guidelines

References