services / Azure / Bastion Host
Azure Bastion is a managed PaaS jump host deployed in a VNet that brokers secure browser-based RDP/SSH connectivity to VMs without exposing public IPs on those VMs.
A production secure-access entry point into a private network; controlling or observing it affects reachability of all VMs behind it.
Microsoft.Network/BastionHosts/getShareableLinks/action
Listing a Bastion host's existing shareable links returns tokenized URLs that grant browser-based RDP/SSH access to specific internal VMs without any Azure RBAC check on the user who opens them; an attacker holding this permission therefore obtains usable access tokens and, through them, reach into the private network behind the Bastion host.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog