services / Azure / API Management named values
Named values are key/value constants (some flagged secret or backed by Key Vault) referenced across all API configurations and policies in an API Management instance.
May hold or reference credentials and backend URLs; secret-flagged values are masked on GET and require the listValue action to reveal.
Microsoft.ApiManagement/service/namedValues/listValue/action
Returns the plaintext secret of a named value, which commonly stores backend credentials, keys, or connection strings used in policies, enabling credential exfiltration and lateral access to backends.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security