Azure Key Vault Contributor Role Allows Data Access Escalation
A recent security analysis revealed that users with the Key Vault Contributor role can escalate their privileges to access sensitive data, including secrets, keys, and certificates, by modifying a vault's access policies. This behavior contradicts Microsoft’s documentation, which states that this role does not permit access to such data. Microsoft has since clarified that it does not consider this configuration a vulnerability, as contributors can manage access policies. Microsoft recommends using the Role-Based Access Control (RBAC) model to mitigate the risks associated with access policies. Organizations are advised to review their Key Vault configurations and limit the assignment of roles that could lead to unauthorized data access.
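One way to run the configuration review described above, as an added example that is not part of the original article: the script lists every principal whose Key Vault Contributor assignment, direct or inherited from a parent scope, reaches a vault that still uses access policies. The vault names, principals and subscription ID are constructed sample data shaped like `az keyvault show` and `az role assignment list --all` JSON output, and the function names are hypothetical.

```python
import json

ROLE = "Key Vault Contributor"

# Constructed sample inventory, shaped like `az keyvault show` output.
VAULTS = json.loads("""[
 {"id": "/subscriptions/0000/resourceGroups/rg-app/providers/Microsoft.KeyVault/vaults/kv-legacy",
  "properties": {"enableRbacAuthorization": false}},
 {"id": "/subscriptions/0000/resourceGroups/rg-app/providers/Microsoft.KeyVault/vaults/kv-rbac",
  "properties": {"enableRbacAuthorization": true}},
 {"id": "/subscriptions/0000/resourceGroups/rg-app2/providers/Microsoft.KeyVault/vaults/kv-other",
  "properties": {"enableRbacAuthorization": false}}
]""")

# Constructed sample, shaped like `az role assignment list --all` output.
ASSIGNMENTS = json.loads("""[
 {"principalName": "ops@example.com", "roleDefinitionName": "Key Vault Contributor",
  "scope": "/subscriptions/0000/resourceGroups/rg-app"},
 {"principalName": "ci-sp", "roleDefinitionName": "Key Vault Contributor",
  "scope": "/subscriptions/0000/resourceGroups/RG-APP2/providers/Microsoft.KeyVault/vaults/kv-other"},
 {"principalName": "reader@example.com", "roleDefinitionName": "Key Vault Reader",
  "scope": "/subscriptions/0000"}
]""")

def covers(scope, resource_id):
    """True if a role assignment at `scope` is inherited by `resource_id`."""
    # Azure resource IDs are case-insensitive; require a path boundary so
    # a scope ending in rg-app does not match a resource under rg-app2.
    s, r = scope.lower().rstrip("/"), resource_id.lower()
    return r == s or r.startswith(s + "/")

def risky_grants(vaults, assignments, role=ROLE):
    """Return sorted (vault id, principal) pairs where `role` reaches an access-policy vault."""
    findings = []
    for v in vaults:
        # Assumption: a missing flag is treated like false (access policies),
        # the conservative reading for an audit.
        if (v.get("properties") or {}).get("enableRbacAuthorization"):
            continue
        for a in assignments:
            if a["roleDefinitionName"] == role and covers(a["scope"], v["id"]):
                findings.append((v["id"], a["principalName"]))
    return sorted(findings)

if __name__ == "__main__":
    for vault_id, principal in risky_grants(VAULTS, ASSIGNMENTS):
        print(f"REVIEW: {principal} can edit access policies on {vault_id}")
```

Each finding is a candidate for either removing the role assignment or moving the vault to the RBAC permission model.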
