Azure Stack Portal has the ability to deploy resources from a template. The template can be uploaded from a local file or a remote URL. If an attacker supplies a URL, Azure stack fails to validate that the URL points to an internal and not external source resulting in an SSRF vulnerability that allows sending GET request into Azure Stacks internal network.
After examining Azure Stack internal services we identified a service called “DataService” that didn’t require authentication and could be accessed using the SSRF. Examining its API we revealed that it can return information about the existing machines on the Compute Cluster and also perform screenshots on them.
To summarize, combining the SSRF with the DataService that didn’t require authentication allowed us to leak information about Azure Stack/tenant virtual machines and perform screenshots on them.