Cross-Tenant Privilege Escalation in Azure AI Search Allows Unauthorized Data Access
Overview
A high-severity privilege escalation vulnerability was discovered in Microsoft's Azure AI Search (formerly Cognitive Search) service. Tracked as CVE-2024-21390, the flaw allowed a user with limited permissions, such as 'Cognitive Services Contributor,' to grant themselves elevated 'Owner' privileges over the service. This unauthorized escalation was possible due to an improper authorization check in an API endpoint responsible for managing role assignments. An attacker could craft a specific API request to add their own account to the 'Owner' role, gaining full administrative control over the Azure AI Search instance.

The impact of this vulnerability in a multi-tenant or enterprise environment is significant. A malicious user or a compromised low-privilege account could use this flaw to view, modify, or delete sensitive data indexed by the search service, which often includes proprietary documents, customer information, and internal knowledge bases used for RAG applications. They could also disrupt service availability by deleting the search index entirely.

This vulnerability underscores the security complexities of multi-tenant cloud AI services and the critical importance of rigorous access control validation across all API endpoints. Microsoft addressed the vulnerability by deploying a server-side patch that enforces correct authorization checks for role management operations.
Affected Systems
Testing Guide
1. **Verify Patch:** As this was a server-side fix, direct testing is not feasible for customers. The service is considered patched by Microsoft.
2. **Audit Permissions (Post-Mortem):** Use the Azure portal or Azure CLI to list role assignments for your AI Search service. Run `az role assignment list --scope /subscriptions/{subId}/resourceGroups/{rg}/providers/Microsoft.Search/searchServices/{searchServiceName}`.
3. **Analyze Logs:** If you have historical activity logs, query for any role assignment write operations (`Microsoft.Authorization/roleAssignments/write`) that occurred before the patch date and originated from an unexpected principal.
Mitigation Steps
1. **No User Action Required for Patch:** The vulnerability was patched by Microsoft server-side. All instances of Azure AI Search are protected automatically.
2. **Audit Role Assignments:** Review all IAM role assignments on your Azure AI Search instances, particularly for the 'Owner' and 'Contributor' roles. Investigate any unfamiliar or suspicious assignments.
3. **Apply Principle of Least Privilege:** Regularly audit and ensure that users and service principals have only the minimum permissions necessary to perform their functions. Avoid using overly broad roles.
4. **Enable Diagnostic Logging:** Configure diagnostic logging for Azure AI Search to monitor for unusual administrative activities, such as frequent changes in role assignments.
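The following script is an added example (not Microsoft's code and not part of this advisory) that carries out the audit described in Testing Guide steps 2 and 3 and Mitigation step 2: it takes the JSON that `az role assignment list` and `az monitor activity-log list` emit, flags Owner/Contributor assignments held by principals outside an approved list, and flags successful `Microsoft.Authorization/roleAssignments/write` events before the patch date that came from an unexpected caller. The sample records, principal names, subscription id and the patch date are constructed placeholders; the field names assumed for the activity-log output (`caller`, `eventTimestamp`, `operationName.value`, `status.value`) are the ones the Azure CLI returns, but only the subset the script reads is modelled.

```python
"""Audit Azure RBAC state and activity-log history for an Azure AI Search service.

Added example, not Microsoft's code. Feed it the output of:
  az role assignment list --scope <search-service-resource-id> -o json
  az monitor activity-log list --resource-id <search-service-resource-id> -o json
The embedded samples below are constructed for demonstration.
"""
import json
from datetime import datetime, timezone

# Roles the advisory singles out for review. 'Search Index Data Contributor' and
# similar data-plane roles are deliberately not in this set.
PRIVILEGED_ROLES = {"Owner", "Contributor"}
ROLE_WRITE_OP = "Microsoft.Authorization/roleAssignments/write"

# Placeholder: the advisory gives no patch date, so supply your own cut-off.
PLACEHOLDER_PATCH_DATE = datetime(2024, 3, 1, tzinfo=timezone.utc)

# Constructed placeholder resource id (subscription id is all zeros on purpose).
SCOPE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
         "/providers/Microsoft.Search/searchServices/svc-demo")

# Constructed sample in the shape of `az role assignment list` (fields this script reads only).
SAMPLE_ASSIGNMENTS = json.dumps([
    {"principalName": "search-admin@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SCOPE},
    {"principalName": "indexer-app", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Search Index Data Contributor", "scope": SCOPE},
    {"principalName": "j.doe@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SCOPE},
])

# Constructed sample in the shape of `az monitor activity-log list` (subset of fields).
SAMPLE_EVENTS = json.dumps([
    {"caller": "j.doe@example.com", "eventTimestamp": "2024-02-20T10:15:00Z",
     "operationName": {"value": ROLE_WRITE_OP}, "status": {"value": "Succeeded"},
     "resourceId": SCOPE + "/providers/Microsoft.Authorization/roleAssignments/placeholder-1"},
    {"caller": "search-admin@example.com", "eventTimestamp": "2024-01-05T09:00:00Z",
     "operationName": {"value": ROLE_WRITE_OP}, "status": {"value": "Succeeded"},
     "resourceId": SCOPE + "/providers/Microsoft.Authorization/roleAssignments/placeholder-2"},
    {"caller": "indexer-app", "eventTimestamp": "2024-02-21T11:00:00Z",
     "operationName": {"value": "Microsoft.Search/searchServices/indexes/write"},
     "status": {"value": "Succeeded"}, "resourceId": SCOPE + "/indexes/docs"},
])


def flag_privileged_assignments(assignments_json, approved_principals):
    """Return (principal, role) pairs for Owner/Contributor assignments held by
    anyone not on the approved list. Mitigation step 2 / Testing Guide step 2."""
    findings = []
    for assignment in json.loads(assignments_json):
        role = assignment.get("roleDefinitionName", "")
        principal = assignment.get("principalName", "<unknown>")
        if role in PRIVILEGED_ROLES and principal not in approved_principals:
            findings.append((principal, role))
    return findings


def flag_suspicious_role_writes(events_json, approved_principals, patch_date):
    """Return (caller, timestamp) for successful role-assignment writes that
    happened before patch_date and were not made by an approved principal.
    Testing Guide step 3."""
    findings = []
    for event in json.loads(events_json):
        if event.get("operationName", {}).get("value") != ROLE_WRITE_OP:
            continue
        if event.get("status", {}).get("value") != "Succeeded":
            continue
        stamp = event["eventTimestamp"]
        # Azure emits a trailing 'Z'; normalise so fromisoformat parses it on any Python 3.
        when = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
        caller = event.get("caller", "<unknown>")
        if when < patch_date and caller not in approved_principals:
            findings.append((caller, stamp))
    return findings


if __name__ == "__main__":
    approved = {"search-admin@example.com"}
    for who, role in flag_privileged_assignments(SAMPLE_ASSIGNMENTS, approved):
        print(f"REVIEW: {who} holds {role} on the search service")
    for who, when in flag_suspicious_role_writes(SAMPLE_EVENTS, approved, PLACEHOLDER_PATCH_DATE):
        print(f"REVIEW: role assignment written by {who} at {when} (pre-patch, unexpected caller)")
```

In practice, replace the two samples with the real CLI output (`json.loads(open("assignments.json").read())`) and populate the approved set from your change records; any finding that cannot be tied to an approved change request is worth investigating as a possible pre-patch escalation.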
Patch Details
Microsoft deployed a server-side patch to all affected regions before public disclosure. No customer action is required to receive the fix.