## Critical Azure Misconfiguration Exposes InRiver MCP Tools Server, Allowing Public SQL Execution
A critical infrastructure misconfiguration has left a core InRiver development server publicly accessible on the internet, exposing an unauthenticated endpoint capable of executing SQL queries and retrieving database schemas. The MCP Tools Container App, intended to be an internal service, is responding to public requests due to an `ingress` setting incorrectly set to `external: true` in its Azure runtime configuration, directly contradicting the infrastructure-as-code blueprint that specified `external: false`.

The exposed server, `inriver-dev-mcp-tools`, resides in the `RG-InRiver` resource group in Sweden Central. Public verification shows the server's endpoint is live and returns a JSON-RPC error when probed, indicating the underlying MCP (Model Context Protocol) service is active. This server is designed to interface directly with tenant databases, granting it significant data access capabilities. In stark contrast, a related service, the `inriver-dev-orchestrator`, is correctly configured as an internal-only endpoint, highlighting this as an isolated but severe configuration drift.

This exposure creates a direct, unauthenticated pathway to what should be a protected backend service. The ability to execute SQL through this endpoint poses an immediate data security risk, potentially allowing unauthorized access to database contents and schema information. The misconfiguration represents a failure in the deployment or governance process, where the declared security posture in the Bicep IaC template was not enforced in the live Azure environment, leaving a sensitive tool exposed to the public internet without any authentication gate.
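
A drift check for the gap described above, as an added example (not code from the InRiver project or the original report): it compares the `external` ingress value declared per Container App with the live value and flags any app that is public but declared internal. The declared map, the live JSON sample, the port numbers and the `scratch-worker` app are constructed; the live JSON is assumed to follow the ARM container-app shape returned by `az containerapp list -o json`.

```python
import json

# Constructed desired state: ingress.external per app, as declared in the IaC template.
DECLARED = {"inriver-dev-mcp-tools": False, "inriver-dev-orchestrator": False}

# Constructed live state, trimmed to the ARM container-app shape
# (properties.configuration.ingress.external), e.g. from `az containerapp list -o json`.
LIVE_JSON = """
[
  {"name": "inriver-dev-mcp-tools",
   "properties": {"configuration": {"ingress": {"external": true, "targetPort": 8080}}}},
  {"name": "inriver-dev-orchestrator",
   "properties": {"configuration": {"ingress": {"external": false, "targetPort": 8080}}}},
  {"name": "scratch-worker",
   "properties": {"configuration": {"ingress": null}}}
]
"""


def is_external(app):
    """True only when an ingress block exists and external is true (null ingress = no endpoint)."""
    config = app.get("properties", {}).get("configuration") or {}
    ingress = config.get("ingress") or {}
    return ingress.get("external") is True


def find_ingress_drift(declared, live_apps):
    """Return (app, finding) pairs where live ingress exposure differs from the declared state."""
    live = {app["name"]: app for app in live_apps}
    findings = []
    for name, want_external in sorted(declared.items()):
        if name not in live:
            findings.append((name, "declared but not deployed"))
        elif is_external(live[name]) and not want_external:
            findings.append((name, "EXPOSED: live external=true, declared external=false"))
        elif want_external and not is_external(live[name]):
            findings.append((name, "live is internal, declared external=true"))
    # Apps deployed outside the template are drift too when they accept public traffic.
    for name in sorted(set(live) - set(declared)):
        if is_external(live[name]):
            findings.append((name, "EXPOSED: external ingress on app not in IaC"))
    return findings


if __name__ == "__main__":
    for app, finding in find_ingress_drift(DECLARED, json.loads(LIVE_JSON)):
        print(f"{app}: {finding}")
```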

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: Azure, Security Misconfiguration, Data Exposure, SQL, DevOps
- **Credibility**: unverified
- **Published**: 2026-04-12 20:22:30
- **ID**: 60813
- **URL**: https://whisperx.ai/en/intel/60813