services / Azure / Logic App workflow trigger callback URL
The callback URL for a Logic App workflow trigger, containing an embedded SAS signature that authorizes invoking (firing) the workflow trigger without further authentication.
The callback URL is credential-equivalent: anyone holding it can invoke the workflow, which then runs under the Logic App's identity and connections.
Microsoft.Logic/workflows/versions/triggers/listCallbackUrl/action
Returns the trigger callback URL with its embedded SAS signature; an attacker who obtains it can invoke the workflow without authenticating, and the workflow then runs under the Logic App's identity and connections.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog