services / Azure / Gateway hostname configurations
Custom hostname (domain) bindings attached to an API Management self-hosted gateway resource, defining the network-facing endpoints and associated certificates through which the gateway serves APIs.
Controls public-facing domain routing for a single API gateway; writes can hijack traffic on a domain.
Microsoft.ApiManagement/service/gateways/hostnameConfigurations/write
Binds a custom domain/hostname (and certificate) to the gateway, letting an attacker route traffic for that domain through the gateway and alter the public-facing endpoint configuration.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog