services / Azure / Web App slot app setting
App settings of an Azure App Service deployment slot, injected into the running app as environment variables.
App settings routinely hold API keys, passwords, and connection secrets returned in cleartext; treated as credential material.
Microsoft.Web/Sites/slots/config/appsettings/read
This management-plane read returns the slot's app setting values in cleartext, which commonly embed secrets/credentials usable to pivot into backing services.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog