services / Azure / Web App

An Azure App Service site (Web App, Function App, or Logic App Standard) is a managed hosting resource that runs an organization's application code, often with an attached managed identity, app settings/connection strings, and a public-facing endpoint.

Production application hosting for a single organizational function; can hold secrets in app settings, run code under a managed identity, and serve public traffic.


Microsoft.​Web/​Sites/​listworkflowsconnections/​action

Listing a Logic App's connections by ID returns connection objects that can include runtime secrets/connection keys for downstream services, enabling credential exfiltration and lateral movement to connected systems.

Risks

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https:​/​/​azure.​permissions.​cloud/​iam/​microsoft.​web
  • https:​/​/​learn.​microsoft.​com/​en-​us/​azure/​role-​based-​access-​control/​resource-​provider-​operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog