services / Azure / Disk snapshots
An Azure snapshot is a read-only point-in-time copy of a managed disk; it captures the complete filesystem contents of the source disk including any OS credentials, application data, and secrets present at capture time.
A snapshot is a full copy of a single workload's disk data, often used for backup/recovery. SAS-based access to its raw bytes bypasses VM-level access controls.
Microsoft.Compute/Snapshots/beginGetAccess/action
Mints a SAS URI (a SAS token, which is cryptographic credential material) that grants direct blob-level read access to the entire raw snapshot image. Anyone holding the URI can bulk-exfiltrate a full copy of the source disk's data outside Azure RBAC.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security