Cross-tenant network bypass in Azure Cognitive Search (10000)
An IDOR-style issue allowing access to the data plane of an Azure Cognitive Search instance even if that instance was isolated from the internet.
The vulnerability starts with the addition of an “Allow access from Portal” toggle, which was intended to make the Azure Cognitive Search instance’s data plane accessible from the Azure portal regardless of the network restrictions on the instance. The authors dug into how this feature worked, and what they found was basically a proxy service running on the Azure Portal. This interface would take in various pieces of information, such as those needed to specify the instance to query. It also took in an API key (the caller’s token), but did not sufficiently validate it. It would ensure the token was still valid and was issued to the proper audience (the Azure Resource Manager API). It did not check whether the token was issued within the same tenant as the target instance, or whether it actually granted permissions to the data. So anyone could use their own token to access the data of any tenant.
This would require knowing specific information about the ACS instance you’d like to reach, which can be challenging, but the fact that basically anyone could access any other tenant’s data even when that tenant appeared to be completely isolated is an issue.
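To make the missing check concrete, here is an added example (not code from the write-up or from Azure) contrasting the flawed authorization logic described above with a hardened version that binds the caller’s tenant to the target resource’s tenant. The tokens are constructed HS256 JWTs with a made-up shared key and simplified `tid`/`iss` claims; real Azure AD tokens are RS256-signed by Microsoft and a real fix would also verify RBAC on the resource.

```python
import base64, hmac, hashlib, json, time

# Constructed signing key standing in for the issuer's key (assumption for the demo).
SIGNING_KEY = b"demo-signing-key"
ARM_AUDIENCE = "https://management.azure.com/"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_token(tenant_id: str, aud: str, ttl: int = 3600) -> str:
    """Build a constructed JWT carrying the claims the proxy should have looked at."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"aud": aud, "tid": tenant_id,
              "iss": f"https://sts.windows.net/{tenant_id}/",
              "exp": int(time.time()) + ttl}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def _verified_claims(token: str) -> dict:
    """Verify signature and expiry (the checks the proxy did perform); return claims or raise."""
    head, body, sig = token.split(".")
    expected = hmac.new(SIGNING_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("exp", 0) < time.time():
        raise ValueError("expired")
    return claims

def weak_authorize(token: str, resource_tenant: str) -> bool:
    """The flawed check: valid token with the right audience, but resource_tenant is ignored."""
    claims = _verified_claims(token)
    return claims.get("aud") == ARM_AUDIENCE

def strict_authorize(token: str, resource_tenant: str) -> bool:
    """Hardened check: the token must come from the tenant that owns the target resource."""
    claims = _verified_claims(token)
    return (claims.get("aud") == ARM_AUDIENCE
            and claims.get("tid") == resource_tenant
            and claims.get("iss") == f"https://sts.windows.net/{resource_tenant}/")
```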