Full public read access Azure blob storage

Description

Azure blob storage is Microsoft's persistent Cloud data storage. A blob can be any type of text or binary data, such as a document, media file, or application installer. By default, a container and any blobs within it may be accessed only by the owner of the storage account. If you want to give anonymous users read permissions to a container and its blobs, you can set the container permissions to allow public access. Anonymous users can read blobs within a publicly accessible container without authenticating the request.

This web application is using an Azure blob storage resource configured with "Full public read access". This is not recommended, as a public blob storage resource will list all of its files and directories to any user that asks.

Remediation

Make sure all the Azure blob storage resources you are using are marked as "Public read access for blobs only" or "No public read access".
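
One way to check this across a storage account, as an added example that is not part of the original advisory: the script below reads the JSON printed by `az storage container list` and reports every container whose `publicAccess` is `container`, the value behind "Full public read access". The sample listing, the container names and the `<account>` placeholder are constructed for illustration.

```python
import json

# Constructed sample shaped like the JSON printed by
# `az storage container list --account-name <account> -o json`.
# Container names are made up; only the fields read below are included.
SAMPLE_LISTING = """
[
  {"name": "installers",  "properties": {"publicAccess": "container"}},
  {"name": "site-assets", "properties": {"publicAccess": "blob"}},
  {"name": "backups",     "properties": {"publicAccess": null}}
]
"""

# publicAccess value -> the access level wording used in this advisory.
LEVELS = {
    "container": "Full public read access",
    "blob": "Public read access for blobs only",
    None: "No public read access",
}


def audit_containers(listing_json):
    """Split containers into (listable, unrecognised).

    listable: anonymous users can enumerate the container (the finding above).
    unrecognised: publicAccess has an unexpected value and needs manual review.
    """
    listable, unrecognised = [], []
    for entry in json.loads(listing_json):
        raw = (entry.get("properties") or {}).get("publicAccess")
        level = raw.lower() if isinstance(raw, str) else raw
        if level is not None and level not in ("container", "blob"):
            unrecognised.append(entry["name"])
        elif level == "container":
            listable.append({
                "name": entry["name"],
                "level": LEVELS[level],
                # <account> is a placeholder; use "off" instead of "blob"
                # when no anonymous access is needed at all.
                "fix": "az storage container set-permission --account-name "
                       f"<account> --name {entry['name']} --public-access blob",
            })
    return listable, unrecognised


if __name__ == "__main__":
    found, review = audit_containers(SAMPLE_LISTING)
    for item in found:
        print(f"{item['name']}: {item['level']}\n  fix: {item['fix']}")
    print("needs manual review:", review)
```

To audit a real account, pass the CLI output to `audit_containers` in place of `SAMPLE_LISTING`.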

Tags
  • Information Disclosure