services / Azure / Web App slot connection string
Connection strings of an Azure App Service deployment slot that embed credentials for backing databases and storage services.
Connection strings by definition contain database/storage credentials returned in cleartext; credential material.
Microsoft.Web/Sites/slots/config/web/connectionstrings/write
Creating/updating a slot's connection string can repoint the slot to an attacker-controlled data store or inject credentials, manipulating config and enabling lateral movement.
Risks
Scope: CRITICAL
This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog