Insecure service configuration - Container level access policy
Description
Container level policy is not set when generating a service Shared Access Signature (SAS). A container-level access policy can be modified or revoked at any time. It provides greater flexibility and control over the permissions that are granted
Impact
Create IDORs, excessive privileges, or broken authentication vulnerabilities
Recommendation
Specify a valid group policy identifier when generating the service SAS.
Threat
Authenticated attacker from the Internet
Expected Remediation Time
⏱️ 50 minutes.
Requirements
186 - Use the principle of least privilegeFixes
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
H
Attack requirements
N
Privileges required
L
User interaction
N
Confidentiality (VC)
L
Integrity (VI)
L
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
U
Vector string
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U