services / Azure / Container registry task runs
The ACR Tasks run records of an Azure Container Registry, representing build/task execution jobs and their properties, status, and logs.
Run records are build-pipeline operational metadata; some run-scoped actions (log SAS URLs) expose credential and log material.
Microsoft.ContainerRegistry/registries/runs/listLogSasUrl/action
Returns a pre-authenticated SAS URL granting out-of-band access to a run's build logs, yielding both credential-bearing token material and log contents that can leak secrets.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploit can incur operational cost.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog