DerScanner
Home / Vulnerability Database / TypeScript : Unsafe Azure access control
TypeScript

TypeScript : Unsafe Azure access control

Classification

OWASP Top 10 2013
A4-Insecure Direct Object References
OWASP ASVS
Access ControlAccess ControlAccess ControlAccess Control
PCI DSS 4.0
6.2.4
CWE
CWE-284CWE-287CWE-1030
CWE/SANS Top 25 2021
CWE-287

Overview

Accessing an Azure Queue/Blob with a user-controlled value and without proper access control may allow an attacker to view/modify/delete unauthorized Queue/Blob and its messages/contents.

Azure Cloud access control errors occur when:

  • Data enters a program from an untrusted source.
  • The data is used to view/modify/delete unauthorized queue/blob and its messages/contents.

References

  1. How to use Queue storage from Node.js
  2. How to use Blob storage from Node.js
  3. OWASP Top 10 2017-A5-Broken Access Control
  4. CWE-284
  5. CWE-1030
MEDIUM

DerScanner Severity Score

Do you want to fix TypeScript : Unsafe Azure access control in your application?

See also

TypeScript

TypeScript : Debug code

TypeScript

TypeScript : XSS protection is disabled

TypeScript

TypeScript : Null encryption key