services / Azure / Static Site custom domain
A custom domain binding that maps a public hostname/subdomain to an Azure Static Web App, controlling how a domain routes to the public-facing site.
Public-facing asset; controls how a brand domain serves content to end users.
Microsoft.Web/staticSites/customdomains/Write
Creating a custom-domain binding lets an attacker route a domain/subdomain to the static site, enabling domain takeover and defacement of the public-facing asset.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security
© 2023–present P0 Security and contributors to the IAM Privilege Catalog