services / Azure / DiskRestorePoint

A disk restore point is a point-in-time incremental snapshot of a VM managed disk captured under a restore point collection, representing a recoverable copy of the full disk (OS/data) contents.

The underlying snapshot is a complete copy of disk data (which may contain credentials and sensitive data).


Microsoft.​Compute/​restorePointCollections/​restorePoints/​diskRestorePoints/​beginGetAccess/​action

Returns a SAS URI granting direct download access to the full disk restore point image (OS/application data, possibly embedded credentials); the SAS token is itself reusable credential material.

Risks

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​azure.​permissions.​cloud/​iam/​Microsoft.​Compute
  • https:​/​/​learn.​microsoft.​com/​en-​us/​azure/​role-​based-​access-​control/​resource-​provider-​operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog