all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Unauthorized Access to Cross-Tenant Applications in a Microsoft Azure Service

Add to bookmarks
July 31, 2023, 11:49 a.m. | Evan Grant

Tenable Research Advisories www.tenable.com

Unauthorized Access to Cross-Tenant Applications in a Microsoft Azure Service

A researcher at Tenable has discovered an issue that enables limited, unauthorized access to cross-tenant applications and sensitive data (including but not limited to authentication secrets).


Tenable is continuing to work with Microsoft to coordinate the disclosure process, and will update this advisory with more details by 28 September 2023.



Evan Grant
Mon, 07/31/2023 - 07:49

access applications authentication azure azure service data disclosure issue microsoft microsoft azure process researcher secrets sensitive data service tenable unauthorized access work

Visit resource

More from www.tenable.com / Tenable Research Advisories

Approach.App Multiple Vulnerabilities 1 week, 4 days ago | www.tenable.com
app application exploitation management +9
Karros Technologies Authentication Bypass 1 week, 4 days ago | www.tenable.com
authentication authentication bypass bypass technologies
Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 1 week, 6 days ago | www.tenable.com
avalanche big buffer buffer overflow +12
Path Traversal Affecting Multiple CData Products 3 weeks, 4 days ago | www.tenable.com
application attachment cookie date +14
LG LED Assistant v2.1.65 Multiple Vulnerabilities 1 month ago | www.tenable.com
assistant led vulnerabilities
Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities 1 month, 2 weeks ago | www.tenable.com
arcserve data data protection protection +1
Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service 1 month, 3 weeks ago | www.tenable.com
analytics azure azure synapse caching +8
Showdownjs Denial of Service 2 months ago | www.tenable.com
can command concept conditions +17
Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) 2 months, 2 weeks ago | www.tenable.com
accesstoken admin adobe authentication +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Senior Security Architect - Northwest region (Remote)

@ GuidePoint Security LLC | Remote
View on infosec-jobs.com

Senior Consultant, Cyber Security Architecture

@ 6point6 | Manchester, United Kingdom
View on infosec-jobs.com

Junior Security Architect

@ IQ-EQ | Port Louis, Mauritius
View on infosec-jobs.com

Senior Detection & Response Engineer

@ Expel | Remote
View on infosec-jobs.com

Cyber Security Systems Engineer ISSE Splunk

@ SAP | Southbank (Melbourne), VIC, AU, 3006
View on infosec-jobs.com
View more jobs