Azure Automation Source Control keys

The listKeys action for an Azure Automation source control returns the stored access token (Git PAT/OAuth credential) used to authenticate to the linked repository.

The displayName is mislabeled as 'Create or Update'; this is a listKeys credential-retrieval action that returns reusable secret material.


Microsoft.Automation/automationAccounts/SourceControls/listKeys/action

Despite the misleading displayName, this listKeys action returns the source control's stored Git access token, exporting reusable credential material that lets an attacker authenticate to and pivot into the linked source repository.

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Links

  • https://azure.permissions.cloud/iam/Microsoft.Automation
  • https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog