JavaScript : Unsafe Azure access control

Classification

OWASP Top 10 2013

A4-Insecure Direct Object References

OWASP ASVS

Access Control Access Control Access Control Access Control

PCI DSS 4.0

6.2.4

CWE

CWE-284 CWE-287 CWE-1030

CWE/SANS Top 25 2021

CWE-287

Overview

Accessing an Azure Queue/Blob with a user-controlled value and without proper access control may allow an attacker to view/modify/delete unauthorized Queue/Blob and its messages/contents.

Azure Cloud access control errors occur when:

Data enters a program from an untrusted source.
The data is used to view/modify/delete unauthorized queue/blob and its messages/contents.

References

How to use Queue storage from Node.js
How to use Blob storage from Node.js
OWASP Top 10 2017-A5-Broken Access Control
CWE-284
CWE-1030

MEDIUM

JavaScript : Unsafe Azure access control

Classification

Overview

References

DerScanner Severity Score

Do you want to fix JavaScript : Unsafe Azure access control in your application?

See also

JavaScript : Null salt

JavaScript : Empty encryption key

JavaScript : Error handling: empty catch block