services / Azure / Subscription ownership acceptance
An action that completes an ownership/billing-transfer of an entire Azure subscription, making the accepting principal the subscription owner.
Subscription-wide control affecting all contained resources and identities; tenant-scope sensitivity.
Microsoft.Subscription/subscriptions/acceptOwnership/action
Accepting ownership grants the attacker owner-level control over an entire subscription (escalation:privilege), lateral access to all its resources and identities (escalation:lateral), and shifts billing responsibility enabling attacker-incurred spend (impact:spend).
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploitation could lead to significant privilege escalation.
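To find which role definitions carry this privilege, including through wildcards, the following added example (not part of the original entry or P0 Security's code) audits role definitions for the action. It assumes the JSON shape of `az role definition list` output (`roleName`, `permissions[].actions`, `permissions[].notActions`); the sample roles are constructed.

```python
import re

# The permission this page describes.
TARGET = "Microsoft.Subscription/subscriptions/acceptOwnership/action"

def _matches(pattern, action):
    """Azure RBAC action patterns: '*' is a wildcard, comparison is case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None

def grants(role, action=TARGET):
    """Return the action pattern that grants `action`, or None.

    Within one permissions block the effective set is actions minus notActions.
    """
    for block in role.get("permissions", []):
        if any(_matches(p, action) for p in block.get("notActions", [])):
            continue  # explicitly carved out of this block
        for pattern in block.get("actions", []):
            if _matches(pattern, action):
                return pattern
    return None

def audit(roles):
    """Map roleName -> granting pattern for every role that allows TARGET."""
    hits = {}
    for r in roles:
        pattern = grants(r)
        if pattern is not None:
            hits[r["roleName"]] = pattern
    return hits

# Constructed sample role definitions (assumed shape, not real tenant data).
SAMPLE_ROLES = [
    {"roleName": "example-billing-admin", "permissions": [
        {"actions": ["Microsoft.Subscription/subscriptions/*"], "notActions": []}]},
    {"roleName": "example-wide-operator", "permissions": [
        {"actions": ["*"], "notActions": ["Microsoft.Authorization/*/Write"]}]},
    {"roleName": "example-guarded-operator", "permissions": [
        {"actions": ["*"], "notActions": ["microsoft.subscription/*"]}]},
    {"roleName": "example-reader", "permissions": [
        {"actions": ["*/read"], "notActions": []}]},
]

if __name__ == "__main__":
    for name, pattern in audit(SAMPLE_ROLES).items():
        print(f"{name}: grants {TARGET} via '{pattern}'")
```

Roles flagged through a wildcard are the ones most easily missed in review, since the action name never appears in their definition.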
Contributed by P0 Security