services / Azure / Web Apps Functions host
The Azure Functions host runtime for a function app, exposing operational actions such as syncing trigger definitions and reading sync status.
Host-level operational control plane for a function app; affects which triggers the runtime activates.
Microsoft.Web/Sites/host/listKeys/action
This list action returns the host/master key material, exporting usable credentials that authorize admin-level invocation of all functions and code execution as the app identity.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog