Storage Container Is Publicly Accessible
- Query id: 4d3817db-dd35-4de4-a80d-3867157e7f7f
- Query name: Storage Container Is Publicly Accessible
- Platform: Ansible
- Severity: High
- Category: Access Control
- URL: Github
Description
Anonymous, public read access to a container and its blobs is enabled in Azure Blob Storage.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
- name: Create container foo and upload a file
  azure_rm_storageblob:
    resource_group: myResourceGroup
    storage_account_name: clh0002
    container: foo
    blob: graylog.png
    src: ./files/graylog.png
    content_type: 'application/image'
    public_access: blob
- name: Create container foo2 and upload a file
  azure_rm_storageblob:
    resource_group: myResourceGroup
    storage_account_name: clh0002
    container: foo2
    blob: graylog.png
    src: ./files/graylog.png
    public_access: container
    content_type: 'application/image'
```
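The check this query describes, written out as an added Python example (not the query's own code): it walks already-parsed Ansible tasks, including `block`/`rescue`/`always` sections, and reports every `azure_rm_storageblob` task whose `public_access` is `blob` or `container`. Assumptions of this example: tasks arrive as dicts (for instance from a YAML loader), the fully qualified module name `azure.azcollection.azure_rm_storageblob` is matched as well, and a task without `public_access` is treated as private.

```python
# Added example: flags Ansible tasks that expose Azure Blob containers publicly.
# Input is a list of already-parsed task dicts (e.g. the result of a YAML loader).

MODULES = {"azure_rm_storageblob", "azure.azcollection.azure_rm_storageblob"}
PUBLIC_LEVELS = {"blob", "container"}   # the two values used in the samples above
NESTED_KEYS = ("block", "rescue", "always")


def find_public_containers(tasks):
    """Return (task name, container, access level) for every public task."""
    findings = []
    for task in tasks or []:
        if not isinstance(task, dict):
            continue
        # Recurse into block/rescue/always sections, which hold task lists.
        for key in NESTED_KEYS:
            findings.extend(find_public_containers(task.get(key)))
        for module in MODULES & task.keys():
            args = task[module]
            if not isinstance(args, dict):
                continue
            # Normalise case and whitespace before comparing.
            level = str(args.get("public_access", "")).strip().lower()
            if level in PUBLIC_LEVELS:
                findings.append((task.get("name", "<unnamed>"),
                                 args.get("container"), level))
    return findings


# Constructed sample: the two tasks from this page plus a private one in a block.
SAMPLE_TASKS = [
    {"name": "Create container foo and upload a file",
     "azure_rm_storageblob": {"container": "foo", "public_access": "blob"}},
    {"name": "Create container foo2 and upload a file",
     "azure_rm_storageblob": {"container": "foo2", "public_access": "container"}},
    {"name": "Grouped uploads", "block": [
        {"name": "Create private container foo3",   # constructed: no public_access
         "azure.azcollection.azure_rm_storageblob": {"container": "foo3"}},
    ]},
]

if __name__ == "__main__":
    for name, container, level in find_public_containers(SAMPLE_TASKS):
        print(f"PUBLIC ({level}): container={container!r} task={name!r}")
```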