Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token

Share
https://freepchelp.forum/topic/217087-microsoft-mitigated-exposure-of-internal-information-in-a-storage-account-due-to-overly-permissive-sas-token/
Followers

Start new topic
Reply to this topic

Posted May 27, 2024May 27

Summary As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. This URL included an overly-permissive Shared Access Signature (SAS) token for an internal storage account.

Quote