services / Azure / API Management tool servers
Tool server registrations on an Azure API Management AI gateway that define backend MCP/tool integrations (endpoints, namespaces, header/OAuth2 configuration) the gateway brokers for agent tool calls.
The configuration holds backend credential material (header values, OAuth2 client secrets, OpenAPI spec), but the secret values themselves are not returned by ordinary read operations; they are exposed only through the separate listSecrets action.
Microsoft.ApiManagement/service/toolServers/listSecrets/action
Per its description, this action returns the secret subtrees (header values, oauth2.clientSecret, OpenAPI spec content) for every endpoint of the tool server, exporting reusable credential material that an attacker can replay to authenticate to the backend tool servers as the gateway. Treat it as a credential-read permission rather than a metadata read: grant it only through a narrowly scoped custom role, and audit its invocations, which are recorded as control-plane operations in the Azure Activity Log.
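Because this action sits under Microsoft.ApiManagement/service/*, any role whose Actions wildcard covers that prefix grants it implicitly, and only a NotActions carve-out removes it again. The following script is an added example, not part of this catalog entry or of P0 Security's tooling: it evaluates Azure RBAC role definitions (the JSON shape produced by `az role definition list`) against the action string, honoring the "*" wildcard and NotActions subtraction, and reports which roles effectively grant it. The role definitions embedded below are constructed samples modeled on the shape of built-in and custom roles; the "Tool Server Operator Minus Secrets" role is a hypothetical custom role showing the carve-out.

```python
"""Find Azure RBAC role definitions whose effective Actions cover a given
control-plane action. Added example: feed it the output of
`az role definition list` instead of the constructed sample below."""
import json
import re
from typing import Iterable, List

TARGET = "Microsoft.ApiManagement/service/toolServers/listSecrets/action"


def action_pattern_matches(pattern: str, action: str) -> bool:
    """Azure RBAC action strings compare case-insensitively, and '*' matches
    any run of characters, including the '/' segment separators."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None


def role_grants(role: dict, action: str) -> bool:
    """A role grants an action if some permissions block has a matching
    Actions pattern that is not cancelled by a matching NotActions pattern."""
    for perm in role.get("permissions", []):
        allowed = any(action_pattern_matches(p, action) for p in perm.get("actions", []))
        denied = any(action_pattern_matches(p, action) for p in perm.get("notActions", []))
        if allowed and not denied:
            return True
    return False


def roles_granting(roles: Iterable[dict], action: str) -> List[str]:
    """Sorted names of the roles that effectively grant `action`."""
    return sorted(r["roleName"] for r in roles if role_grants(r, action))


# Constructed sample role definitions (shape of `az role definition list`);
# the two custom roles at the end are hypothetical.
SAMPLE_ROLES = json.loads("""[
  {"roleName": "Owner",
   "permissions": [{"actions": ["*"], "notActions": []}]},
  {"roleName": "Contributor",
   "permissions": [{"actions": ["*"],
                    "notActions": ["Microsoft.Authorization/*/Delete",
                                   "Microsoft.Authorization/*/Write",
                                   "Microsoft.Authorization/elevateAccess/Action"]}]},
  {"roleName": "Reader",
   "permissions": [{"actions": ["*/read"], "notActions": []}]},
  {"roleName": "API Management Service Contributor",
   "permissions": [{"actions": ["Microsoft.ApiManagement/service/*"], "notActions": []}]},
  {"roleName": "API Management Service Reader Role",
   "permissions": [{"actions": ["Microsoft.ApiManagement/service/*/read",
                                "Microsoft.ApiManagement/service/read"],
                    "notActions": []}]},
  {"roleName": "Tool Server Metadata Reader",
   "permissions": [{"actions": ["Microsoft.ApiManagement/service/toolServers/read"],
                    "notActions": []}]},
  {"roleName": "Tool Server Operator Minus Secrets",
   "permissions": [{"actions": ["Microsoft.ApiManagement/service/toolServers/*"],
                    "notActions": ["*/listSecrets/action"]}]}
]""")


if __name__ == "__main__":
    for name in roles_granting(SAMPLE_ROLES, TARGET):
        print(f"grants {TARGET}: {name}")
```

Note that the broad wildcard roles grant the action without naming it, while the metadata-only role and the role with the NotActions carve-out do not; the carve-out pattern is the shape of custom role a team can use to let operators manage tool servers without being able to export backend credentials.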
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security