services / Azure / Storage Blob Service Blobs
Blobs are the individual data objects (files) stored inside containers of an Azure Storage account's blob service. They hold an organization's unstructured production data such as documents, backups, media, and application data.
Data-plane access to blobs directly exposes stored organizational data; ADLS Gen2 (hierarchical namespace) accounts also expose POSIX ownership/ACLs at the blob level.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/manageOwnership/action
Changing ADLS Gen2 POSIX ownership of a blob reassigns the owning principal, letting an attacker gain owner-level control over the data object and deny the legitimate owner's access.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security