Homepage

Storage container allows public access Affecting Storage service in Azure

Severity

0.0
high
0
10
Severity Framework
Snyk CCSS
Rule category
IAM/ Public Access

Is your environment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
Frameworks
CIS-Controls
  • Snyk IDSNYK-CC-00600
  • creditSnyk Research Team
Report a new misconfiguration Found a mistake?

Description

Disallowing public access helps to prevent data breaches caused by undesired anonymous access.

How to fix?

Set publicAccess attribute to None or remove the attribute.

Example Configuration

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "storageAccounts_storageaccount600_name": {
            "defaultValue": "storageaccount600",
            "type": "String"
        }
    },
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.Storage/storageAccounts",
            "apiVersion": "2022-09-01",
            "name": "[parameters('storageAccounts_storageaccount600_name')]",
            "location": "eastus",
            "sku": {
                "name": "Standard_LRS",
                "tier": "Standard"
            },
            "kind": "StorageV2",
            "properties": {
                "accessTier": "Hot"
            }
        },
        {
            "type": "Microsoft.Storage/storageAccounts/blobServices",
            "apiVersion": "2022-09-01",
            "name": "[concat(parameters('storageAccounts_storageaccount600_name'), '/default')]",
            "dependsOn": [
                "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccounts_storageaccount600_name'))]"
            ],
            "sku": {
                "name": "Standard_LRS",
                "tier": "Standard"
            },
            "properties": {
            }
        },
        {
            "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
            "apiVersion": "2022-09-01",
            "name": "[concat(parameters('storageAccounts_storageaccount600_name'), '/default/allowed600')]",
            "dependsOn": [
                "[resourceId('Microsoft.Storage/storageAccounts/blobServices', parameters('storageAccounts_storageaccount600_name'), 'default')]",
                "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccounts_storageaccount600_name'))]"
            ],
            "properties": {

                "publicAccess": "None"
            }
        }
    ]
}