Azure Compute Galleries
An Azure Compute Gallery (Shared Image Gallery) is a container resource that organizes, versions, and distributes custom VM image and application artifact definitions.
The gallery resource holds artifact-container configuration; a read of the gallery does not access the image data itself.
Microsoft.Compute/galleries/share/action
Shares the gallery with other scopes, tenants, or the community. This both exposes proprietary VM image artifacts (which may embed code or secrets) to external principals and alters the gallery's access boundary.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploitation can incur operational cost.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog