services / Azure / Web App slot config snapshots

Point-in-time configuration snapshots of an App Service deployment slot, capturing the slot's saved application settings and connection-string configuration history.

The snapshot metadata/list does not return secret values; secret material is exposed only via the dedicated listsecrets action.


Microsoft.​Web/​Sites/​slots/​config/​Snapshots/​listSecrets/​action

This listsecrets action returns the secret app settings and connection strings captured in a slot config snapshot, exporting reusable credential/connection-string material that authenticates to backing data stores and enables pivoting to other identities.

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Links

  • https:​/​/​azure.​permissions.​cloud/​iam/​microsoft.​web
  • https:​/​/​learn.​microsoft.​com/​en-​us/​azure/​role-​based-​access-​control/​resource-​provider-​operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog