Azure Automation job
An Azure Automation job is an execution instance of a runbook (automation script) within an Automation Account. Runbooks typically run under the Automation Account's managed identity or Run As credentials with privileges across managed resources.
Automation Account identities are frequently granted broad privileges (e.g. Contributor) to manage subscription resources, making job control a strong lateral-movement and code-execution surface. Runbook scripts and their output commonly contain hardcoded secrets.
Microsoft.Automation/automationAccounts/jobs/runbookContent/action
Returns the full runbook source as executed by the job, exposing proprietary automation code along with any hardcoded credentials, connection strings, and secrets commonly embedded in runbook scripts.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security