Microsoft Azure API Management service now has three additional security holes that could be exploited by hackers to have access to private data or backend services.
According to Israeli cloud security company Ermetic, this includes two server-side request forgery (SSRF) issues and one instance of unfettered file upload functionality in the API Management developer site.
Security researcher Liv Matan stated in a study shared with The Hacker News that “attackers could send requests from the service’s CORS Proxy and the hosting proxy itself, access internal Azure assets, deny service, and bypass web application firewalls by abusing the SSRF vulnerabilities.”
With Azure API Management, businesses can safely make their APIs available to both internal and external customers, opening the door to a wide range of connected linked experiences.
One of the two SSRF vulnerabilities discovered by Ermetic is a workaround for a patch Microsoft released in response to a similar vulnerability disclosed by Orca in January of this year. The API Management proxy service is the source of the second flaw.
If an SSRF vulnerability is exploited, sensitive data could be leaked and malicious code could be run on the affected instance of Azure.
Image credit: TheHackerNews
However, the developer portal’s path traversal vulnerability is due to improper validation of uploaded files’ types and locations.
With this vulnerability, an authorized user can compromise the server hosting of the developer portal and potentially execute arbitrary code.
Microsoft has issued fixes for all three vulnerabilities after learning about them through responsible disclosure.
This discovery follows a report published a few weeks ago by researchers from Orca that described a “by-design flaw” in Microsoft Azure that could be used by attackers to access storage accounts, traverse the environment laterally, and even execute remote code.