1653 | Azure Active Directory Exposes Internal Information | Cloud, Information disclosure, Azure AD | Microsoft (Azure) | Counter Threat Unit Research Team | Bug Bounty | 2022-04-05 | 2023-06-13 |
1646 | MSRC – Joint security research write up – Azure AD Consent bypass disclosure with Kim Jamia – Q1/2022 | Authorization flaw | Microsoft | Joosua Santasalo (@SantasaloJoosua) | Bug Bounty | 2022-04-09 | 2023-06-13 |
809 | SyncJacking: Hard Matching Vulnerability Enables Azure AD Account Takeover | Account takeover, Azure AD, Cloud | Microsoft | Tomer Nahum (@TomerNahum1) | Bug Bounty | 2022-11-18 | 2023-06-13 |
663 | Passwordless Persistence and Privilege Escalation in Azure | Privilege escalation, Cloud, Azure AD | Microsoft | Andy Robbins (@_wald0) | Bug Bounty | 2022-12-21 | 2023-06-13 |
571 | Azure Active Directory Flaw Allowed SAML Persistence | Azure AD, SAML, SSO | Microsoft (Azure) | Secureworks Counter Threat Unit (@Secureworks) | Bug Bounty | 2023-01-18 | 2023-06-13 |
501 | Azure security — Internal recon leveraging lack of access control | Azure AD, Cloud, Security misconfiguration, Privilege escalation | Microsoft (Azure) | Molx32 | Bug Bounty | 2023-02-02 | 2023-06-13 |
476 | Azure Ad Kerberos Tickets: Pivoting To The Cloud | Active Directory, Cloud, Lateral movement | NA | Edwin David | Bug Bounty | 2023-02-09 | 2023-06-13 |
256 | I’d TAP That Pass | Azure AD, Cloud, OAuth | NA | Daniel Heinsen (@hotnops) | Bug Bounty | 2023-03-29 | 2023-06-13 |
255 | BingBang: The AAD misconfiguration that led to Bing.com results manipulation and account takeover explained | Account takeover, Azure AD, Cloud, XSS, Privilege escalation | Microsoft (Bing) | Hillai Ben-Sasson (@hillai) | Bug Bounty | 2023-03-29 | 2023-06-13 |
62 | Tampering with Conditional Access Policies Using Azure AD Graph API | Cloud, Privilege escalation | Microsoft (Azure) | Secureworks Counter Threat Unit (@Secureworks) | Bug Bounty | 2023-05-23 | 2023-06-13 |