How can the Azure portal be improved?

← Azure portal

App Services Deployment Center Security Bug

There's a current security loophole in your system where if someone provides a link to the current Deployment Center, a user that does not have write permission but have read permission will be able to view the logs. They do not seem to have access to click on the buttons, but they might be able to see other parts they shouldn't have access to.

Steps to replicate:
1) Login as a user with read-only permissions
2) Have a user with both write and read permission provide a link to the Deployment center
3) User with read-only permission will be able to click on the link and then view the logs even though they would not be able to access it through the page.

1 vote
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Samuel Tambunan shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment

Azure portal: Bugs

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice