services / Azure / API Management tool servers

Tool server registrations on an Azure API Management AI gateway that define backend MCP/tool integrations (endpoints, namespaces, header/OAuth2 configuration) the gateway brokers for agent tool calls.

The configuration holds backend credential material (header values, OAuth2 client secrets, OpenAPI spec), but secret values are exposed only via the separate listSecrets action.


Microsoft.ApiManagement/service/toolServers/listSecrets/action

Per its description, this action explicitly returns the secret subtrees (header values, oauth2.clientSecret, OpenAPI spec content) for every endpoint, exporting reusable credential material that an attacker could replay to authenticate to the backend tool servers as the gateway.

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Links

  • https://azure.permissions.cloud/iam/Microsoft.ApiManagement
  • https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog