services / Azure / Virtual machine scale set disk
A managed OS/data disk attached to a Virtual Machine Scale Set instance, holding the VM's filesystem contents.
Production compute disks can contain application data, configuration, and secrets/credentials stored on disk.
Microsoft.Compute/virtualMachineScaleSets/disks/beginGetAccess/action
Returns a SAS URI granting direct blob-level read access to the full scale-set disk, enabling export of all disk contents; the returned SAS token is itself credential material (exfiltration:crypto) and gives access to any secrets stored on the disk.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog