[Contribution] Azure OpenAI Control Plane Bypass for Deployment resource #281
Comments
|
Thanks for the submission! |
|
@tyson-trust could you add a PR with this information? also - i'm having trouble understanding the impact of this issue and how likely it is to exploit - i think it would be useful to add a POC to the original blogpost. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
title: Azure OpenAI Control Plane Bypass for Deployment resource
slug: azure-openai-controlplanebypass-deployments
cves: null
affectedPlatforms:
affectedServices:
image: https://raw.githubusercontent.com/wiz-sec/open-cvdb/main/images/[slug].jpg
severity: Medium - CVSS, Low - Piercing
piercingIndexVector: A3:1.05/A4:1/A5:1/A6:3/A7:1.1/A8:1.1
discoveredBy:
name: Tyson Garrett
org: TrustOnCloud
domain: null
twitter: null
publishedAt: 2024/02/22
disclosedAt: 2023/10/24
exploitabilityPeriod: Ongoing
knownITWExploitation: null
summary: |
A set of Azure OpenAI authoring API’s enables the use of the service instance endpoint as opposed to management.azure.com to create, update, delete, and list/read the Azure OpenAI Deployment resource. This allows for bypass of Azure Policy for Deny/Modify effects, Resource Locks and provides you the option to use access keys instead of your Entra ID identity to do so.
manualRemediation: |
Do not use the Azure AI Developer built-in role and ensure any roles used for Microsoft.CognitiveServices namespace add the below operations to the NotDataActions section of any applicable Role Definitions.
Microsoft.CognitiveServices/accounts/OpenAI/deployments/read
Microsoft.CognitiveServices/accounts/OpenAI/deployments/write
Microsoft.CognitiveServices/accounts/OpenAI/deployments/delete
detectionMethods: null
contributor: https://github.com/tyson-trust
references:
The text was updated successfully, but these errors were encountered: