Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token

Summary Summary As part of a recent Coordinated Vulnerability Disclosure (CVD) report from Wiz.io, Microsoft investigated and remediated an incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. This URL included an overly-permissive Shared Access Signature (SAS) token for an internal storage account.

This article has been indexed from Microsoft Security Response Center

Read the original article: