Custom subscription role grants owner rights Affecting Authorization service in Azure
Severity Framework
Snyk CCSS
Rule category
IAM / Least Privilege
Is your enviroment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-Azure
CIS-Controls
CSA-CCM
ISO-27001
NIST-800-53
PCI-DSS
- Snyk ID SNYK-CC-00503
- credit Snyk Research Team
Description
Granting permission to perform any action is against the principle of least privilege.
How to fix?
Set properties.permissions attribute to specific actions only, e.g Microsoft.Storage/storageAccounts/blobServices/containers/read.