An Azure App Service site (Web App, Function App, or Logic App Standard) is a managed hosting resource that runs an organization's application code, often with an attached managed identity, app settings/connection strings, and a public-facing endpoint.
Production application hosting for a single organizational function; can hold secrets in app settings, run code under a managed identity, and serve public traffic.
Microsoft.Web/Sites/listworkflowsconnections/action
Listing a Logic App's connections by ID returns connection objects that can include runtime secrets/connection keys for downstream services, enabling credential exfiltration and lateral movement to connected systems.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security