Azure Function Apps Managed Identity Privilege Escalation: From App to Subscription Owner
Azure Function Apps with system-assigned managed identities are a common privilege escalation path in cloud penetration tests and real-world breaches. An over-permissive managed identity on a vulnerable function can hand an attacker Subscription Owner. Here's how the path works and how to close it.