services / Azure / Web App functions
A function within an App Service Function App, comprising the deployed executable code/logic, its bindings/trigger configuration, and invocation keys.
Runs application logic under the function app's compute and (any attached) managed identity; supports a single organizational function.
Microsoft.Web/Sites/functions/listSecrets/action
Returns the function's secret material (function/host/system keys), bearer credentials usable to invoke and access the function endpoint.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog