Orca Security discovers 'AutoWarp', cross-tenant vulnerability within Azure Automation Service
Disclosure about a leak in Microsoft's Azure Automation platform back in December 2021, has recently surfaced to highlight a possible cross-tenant vulnerability within the process.
According to a report from Venture Beat, Microsoft was fortunate enough to have the exploit reported by a friendly researcher from Orca Security firm who managed to find a report the Azure Automation vulnerability before any malicious hackers were able to take advantage of the lapse in security.
Had Orca not been on the case, the vulnerability had the power to allow someone to cross from one Azure tenant to another with access to customer data and information. Orca researcher Yanir Tsarimi reported the tenant vulnerability dubbed AutoWarp, to Microsoft on December 6, 2021 and the company says it patched the exploit four days later, on December 10, 2021.