Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token

  • Thread starter Thread starter MSRC
  • Start date Start date
M

MSRC

Summary As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. This URL included an overly-permissive Shared Access Signature (SAS) token for an internal storage account.

Continue reading...
 
Back
Top