Azure Automation Webhook
An Azure Automation webhook is a token-bearing HTTP trigger that invokes a runbook, which then executes under the Automation account's managed/Run As identity.
The secret token-bearing invocation URI is returned only at creation, never on read.
Microsoft.Automation/automationAccounts/webhooks/write
Creating or updating a webhook yields a trigger URL whose embedded token is its only authentication; anyone holding that URL can run the runbook as the account identity. This enables code execution as that identity (lateral movement), a durable backdoor trigger (persistence), and arbitrary workload abuse (hijack).
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
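Because the trigger URL is never readable after creation, the control-plane write is the event defenders can observe. The following is an added example, not part of the catalog entry, that scans Azure Activity Log records (REST event shape: operationName.value, caller, resourceId, status.value, eventTimestamp) for successful webhook writes and reports which identity created which webhook; the sample events and the allowlisted pipeline caller are constructed for illustration.

```python
# Operation name as given in the catalog entry. The Activity Log reports it
# with varying case, so comparisons are case-insensitive.
WEBHOOK_WRITE_OP = "Microsoft.Automation/automationAccounts/webhooks/write"


def _segment_after(resource_id, key):
    """Return the ARM resource-ID path segment that follows `key` (case-insensitive)."""
    parts = resource_id.strip("/").split("/")
    lowered = [p.lower() for p in parts]
    if key.lower() in lowered:
        idx = lowered.index(key.lower())
        if idx + 1 < len(parts):
            return parts[idx + 1]
    return None


def find_webhook_writes(events, allowed_callers=()):
    """Flag successful webhook create/update operations in Activity Log events.

    Failed attempts are skipped (no trigger URL was issued), and callers in
    `allowed_callers` (e.g. a known deployment principal) are suppressed so
    the remaining findings are the ones worth a human review.
    """
    allowed = {c.lower() for c in allowed_callers}
    findings = []
    for ev in events:
        op = ev.get("operationName", {}).get("value", "")
        if op.lower() != WEBHOOK_WRITE_OP.lower():
            continue
        if ev.get("status", {}).get("value") != "Succeeded":
            continue
        caller = ev.get("caller", "")
        if caller.lower() in allowed:
            continue
        rid = ev.get("resourceId", "")
        findings.append({
            "time": ev.get("eventTimestamp"),
            "caller": caller,
            "automation_account": _segment_after(rid, "automationAccounts"),
            "webhook": _segment_after(rid, "webhooks"),
        })
    return findings


# Constructed sample events (not from any real tenant): a pipeline deploy,
# a failed interactive attempt, and a successful interactive creation.
_RID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-ops"
        "/providers/Microsoft.Automation/automationAccounts/aa-prod/webhooks/")
SAMPLE_EVENTS = [
    {"operationName": {"value": WEBHOOK_WRITE_OP}, "caller": "deploy-pipeline@example.com",
     "status": {"value": "Succeeded"}, "eventTimestamp": "2024-01-05T08:00:00Z",
     "resourceId": _RID + "nightly-patch"},
    {"operationName": {"value": WEBHOOK_WRITE_OP.upper()}, "caller": "alice@example.com",
     "status": {"value": "Failed"}, "eventTimestamp": "2024-01-05T22:10:00Z",
     "resourceId": _RID + "adhoc-hook"},
    {"operationName": {"value": WEBHOOK_WRITE_OP.upper()}, "caller": "alice@example.com",
     "status": {"value": "Succeeded"}, "eventTimestamp": "2024-01-05T22:11:00Z",
     "resourceId": _RID + "adhoc-hook"},
]

if __name__ == "__main__":
    for f in find_webhook_writes(SAMPLE_EVENTS, allowed_callers=["deploy-pipeline@example.com"]):
        print(f)
```

Each finding names the Automation account whose identity the new webhook can now exercise, which is the scope to review and, if unexpected, the webhook to delete.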
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog