
# Nuclei cloud-config template: flags Azure Cognitive Services accounts of
# kind OpenAI whose privateEndpointConnections list is empty.
#
# NOTE(review): the trailing "# digest:" line is a signature over the template
# text. Any edit to this file (these comments included) invalidates it, so
# re-sign the template before relying on it in an automated pipeline.
id: azure-openai-private-endpoints-unconfigured

info:
  name: Azure OpenAI Service Instances Not Using Private Endpoints
  author: princechaddha
  severity: high
  description: |
    To reduce the risk of exposure to external threats and strengthens overall security for your Azure OpenAI interactions, ensure that your Azure OpenAI service instances are accessed exclusively through private endpoint connections.
  impact: |
    Not using private endpoints for OpenAI service instances can expose them to external threats, compromising the security of your Azure environment.
  remediation: |
    Configure all Azure OpenAI service instances to use private endpoints to enhance security and ensure that these instances are not accessible over the public internet.
  reference:
    - https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview
  tags: cloud,devops,azure,microsoft,openai,azure-cloud-config

# Orchestration: code(1) enumerates the candidate accounts; each element of the
# serviceList extractor is JSON-parsed and its Name/ResourceGroup exported as
# template variables, then code(2) inspects that single account.
flow: |
  code(1);
  for (let ServiceInstance of iterate(template.serviceList)) {
    ServiceInstance = JSON.parse(ServiceInstance);
    set("name", ServiceInstance.Name);
    set("resourceGroup", ServiceInstance.ResourceGroup);
    code(2);
  }

# No scan target is supplied: every step is an az CLI call from the scanner host
# using whatever identity the CLI is logged in with.
self-contained: true

code:
  # Step 1: list Cognitive Services accounts, keep only kind == OpenAI, and
  # project just the two fields the flow needs.
  # NOTE(review): no --subscription is passed, so az CLI presumably queries only
  # the currently selected subscription; tenants with several subscriptions
  # need one run per subscription or accounts are silently missed.
  - engine:
      - sh
      - bash
    source: |
      az cognitiveservices account list --output json --query '[?(kind==`OpenAI`)].{Name:name, ResourceGroup:resourceGroup}'
    extractors:
      # '.[]' splits the JSON array into one extracted value per account so the
      # flow can iterate them; internal keeps this list out of the report.
      - type: json
        name: serviceList
        internal: true
        json:
          - '.[]'

  # Step 2: for one account, print only properties.privateEndpointConnections.
  # $name / $resourceGroup are the variables set by the flow; they are
  # double-quoted so a value containing whitespace stays a single argument.
  - engine:
      - sh
      - bash
    source: |
      az cognitiveservices account show --name "$name" --resource-group "$resourceGroup" --query 'properties.privateEndpointConnections'
    # Finding condition: the printed property contains the literal text "[]".
    # Caveats (review):
    #  - word matchers test for a substring, not the whole output. If the
    #    property is absent the CLI prints "null", which is NOT flagged; and a
    #    non-empty list whose entries contain an empty nested array would be
    #    flagged. A regex anchored to the full output (e.g. ^\s*\[\]\s*$) would
    #    be stricter — confirm the actual output shapes before changing it.
    #  - Having a private endpoint connection does not by itself block public
    #    reachability; properties.publicNetworkAccess (and networkAcls) decide
    #    that, and neither is checked here. A clean result from this template
    #    therefore does not establish the "accessed exclusively through private
    #    endpoints" claim in the description — pair it with a
    #    publicNetworkAccess check.
    matchers-condition: and
    matchers:
      - type: word
        words:
          - '[]'
    # Report text emitted for each flagged account.
    extractors:
      - type: dsl
        dsl:
          - 'name + " in " + resourceGroup + " does not have private endpoint connections configured"'
# digest: 490a0046304402202193979a2311816ab574cf04f464c82c1ebd91b4121e588dfb25464a95d188eb0220237cc1b0d15aa5a8ab279cb9d11f38d146491347d0d0bd8f42fde7b280424c9c:922c64590222798bb761d5b6d8e72950