H3-2026-0015¶

Azure Storage Account Allows Blob Public Access

Description¶

This weakness affects Azure Storage accounts with the AllowBlobPublicAccess property enabled at the account level. This setting allows individual containers within the storage account to be configured for anonymous public access, which can lead to unauthorized data exposure. Even if no containers currently have public access enabled, this setting creates an attack surface where accidental or malicious configuration changes could expose sensitive data.

Impact¶

When this account-level setting is enabled, storage administrators or users with sufficient permissions can configure individual containers for anonymous public access, potentially exposing sensitive data without authentication requirements.

References¶

• Microsoft Docs: Prevent anonymous public read access to containers and blobs
• Microsoft Docs: Configure anonymous public read access for containers and blobs
• Microsoft Docs: Security Recommendations for Blob Storage
• MITRE ATT&CK Technique: T1530: Data from Cloud Storage