daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cloud/azure/storageaccounts/azure-storage-cross-tenant-...

55 lines
2.2 KiB
YAML
Raw Blame History

id: azure-storage-cross-tenant-replication-disabled
info:
name: Azure Storage Cross-Tenant Replication Disabled
author: princechaddha
severity: high
description: |
Ensure that the Cross-Tenant Replication feature is disabled for your Azure Storage accounts in order to prevent object replication across Microsoft Entra tenants. Cross-Tenant Replication enables replication of data across different Microsoft Entra tenants, allowing for redundancy and disaster recovery across organizational boundaries. Although advantageous for data accessibility and sharing, this feature also poses a significant security risk if not properly managed. Potential risks include unauthorized data access, data leakage, and compliance breaches.
impact: |
Enabled Cross-Tenant Replication can lead to unauthorized data access and data leakage, posing significant security and compliance risks.
remediation: |
Disable the Cross-Tenant Replication feature for Azure Storage accounts to ensure data is not replicated across different Microsoft Entra tenants without authorization.
reference:
- https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy
tags: cloud,devops,azure,microsoft,storage,azure-cloud-config
flow: |
code(1);
for (let StorageAccount of iterate(template.storageAccountList)) {
StorageAccount = JSON.parse(StorageAccount);
set("name", StorageAccount.Name);
code(2);
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
az storage account list --query '[*].{"Name":name}'
extractors:
- type: json
name: storageAccountList
internal: true
json:
- '.[]'
- engine:
- sh
- bash
source: |
az storage account show --name "$name" --query 'allowCrossTenantReplication'
matchers-condition: and
matchers:
- type: word
words:
- 'false'
extractors:
- type: dsl
dsl:
- '"Cross-Tenant Replication is enabled for " + name + ", posing a security risk"'
# digest: 4a0a0047304502204ea3f5da47b6c426c389c64cd2a24b156b95cfe5f9cf9f196ef120cd9349d21c022100a38d54265975acdc58aed5269bd9be17a22a96c29a6c66d018c288d302505e55:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink