services / Azure / Azure Automation Variable Asset
An Azure Automation variable asset is a named value stored in an Automation account and consumed by runbooks/DSC; variables can be plaintext or marked encrypted (secure).
Variables commonly hold operational config and, when not marked encrypted, are frequently misused to store connection strings, endpoints, and other sensitive values that the management-plane read returns in cleartext; encrypted variable values are NOT returned by the management API.
Microsoft.Automation/automationAccounts/variables/delete
Deletes a variable asset, destroying stored automation config/state that runbooks depend on and potentially breaking the workflows that consume it.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security