Cross Tenant Vulnerabilities Could Soon Spell a Curse on Microsoft Azure
A malicious actor can weaponize the bug to acquire the Azure Data Factory service certificate and access another tenant’s Integration Runtimes
Microsoft is reporting that a vulnerability in its Azure Automation service was mitigated in December, following its discovery by a researcher at Orca Security, and that there’s no evidence the vulnerability was exploited by hackers. Had it not been caught and fixed, the critical vulnerability could have allowed someone to cross from one tenant within Azure to another…