services / Azure / Container registry webhooks
A webhook on an Azure Container Registry that fires HTTP callbacks to a configured service URI when registry events occur (image push, delete, quarantine, chart push/delete).
Supporting integration/notification plumbing for a registry; the callback configuration can embed authentication secrets in custom headers, but the webhook itself does not hold image artifacts.
Microsoft.ContainerRegistry/registries/webhooks/getCallbackConfig/action
Unlike the plain webhook read, this action returns the service URI plus the custom headers, which typically embed an Authorization/bearer token for the destination, disclosing credential-equivalent secret material.
Risks
Scope: MEDIUM
This privilege may grant access to confidential data, or its exploit can incur operational cost.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog