services / Azure / Web Apps Hostruntime Workflow Triggers

The trigger definitions of Logic Apps Standard / Functions-style workflows hosted in an App Service site host runtime. Triggers define how and when a workflow's automation fires (HTTP webhook, schedule, connector event).

Workflows often run with a managed identity and connections to other services; their triggers and run history can expose how business automation is wired and the data it processes.


Microsoft.​Web/​Sites/​hostruntime/​webhooks/​Api/​workflows/​triggers/​listCallbackUrl/​action

Returns the trigger callback URL embedding a SAS signature (sig=) that lets anyone holding it invoke the workflow without further authentication, i.e. exported credential-equivalent material.

Risks

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​azure.​permissions.​cloud/​iam/​microsoft.​web
  • https:​/​/​learn.​microsoft.​com/​en-​us/​azure/​role-​based-​access-​control/​resource-​provider-​operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog