services / Azure / API Management self-hosted gateways
A self-hosted gateway is a containerized API Management gateway, deployable outside Azure, that is registered with an APIM service instance and proxies API traffic to backend services while applying policies to it.
Gateways front a single API surface/function; their keys and tokens are connection credentials, and their configuration can embed backend secrets and named values.
Microsoft.ApiManagement/service/gateways/listDebugCredentials/action
Despite the 'list' name, this issues new debug credentials, returning credential material that grants privileged access to trace and inspect live request/response traffic through the gateway.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security