Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability
Unauthenticated users can view a list of buckets the plugin has access to. The DefaultController-actionLoadContainerData endpoint allows unauthenticated users with a valid CSRF token to view a list of buckets that the plugin is allowed to see. Because Azure can return sensitive data in error...