Azure: Bastion Host session recording SAS URL
Azure Bastion is a managed PaaS jump host deployed in a VNet that brokers secure browser-based RDP/SSH connectivity to VMs without exposing public IPs on those VMs.
A production secure-access entry point into a private network; controlling or observing it affects reachability of all VMs behind it.
Microsoft.Network/BastionHosts/getsessionrecordingsasurl/read
Returns the SAS URL (a bearer credential token) that grants direct access to the storage holding recorded RDP/SSH privileged sessions. Anyone holding the URL can read the recordings without further authentication, so the call exposes both the credential token and the sensitive session audit recordings.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog