services / Azure / Azure SQL Database server DNS alias
A SQL server DNS alias is a stable CNAME-like DNS name that maps clients to an Azure SQL logical server, allowing the underlying server to change without updating connection strings.
Controlling an alias controls the connection endpoint clients resolve to reach production databases; it is effectively a routing/domain control for the database service.
Microsoft.Sql/servers/dnsAliases/acquire/action
Acquiring an existing alias from its current server and repointing it to another server hijacks the stable connection endpoint, silently redirecting client traffic to an attacker-chosen SQL server (and denying the legitimate one).
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security