TF 0130 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Roles limited to the required actions
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | authorization |
| Provider | Azure |
Description
The role definition grants wildcard permissions ("*") across all actions and scopes, allowing the role to perform any operation without restriction. This violates the principle of least privilege and creates overly broad access.
Impact
If exploited, attackers or unauthorized users with this role could perform any action on the subscription, including modifying resources, accessing sensitive data, or disrupting services, significantly increasing the risk of account compromise and data breaches.
Resolution
Use targeted permissions for roles: grant only the actions the role requires instead of the wildcard ("*").
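The weak role definition described above next to a least-privilege version, as an added Terraform example that is not taken from the Symbiotic database entry. It assumes the `azurerm` provider; the resource names, the resource group and the specific storage actions are illustrative assumptions.

```hcl
# Added example. Names, the resource group and the action list are
# constructed for illustration; adapt them to what the role must do.
data "azurerm_subscription" "current" {}

data "azurerm_resource_group" "app" {
  name = "rg-app-example" # constructed placeholder
}

# Weak: wildcard action, assignable at the root scope.
# Any principal assigned this role can perform every management operation.
resource "azurerm_role_definition" "too_broad" {
  name  = "example-too-broad"
  scope = data.azurerm_subscription.current.id

  permissions {
    actions     = ["*"]
    not_actions = []
  }

  assignable_scopes = ["/"]
}

# Corrected: explicit read-only actions, assignable only within one
# resource group. Nothing outside the listed operations is granted.
resource "azurerm_role_definition" "blob_reader" {
  name        = "example-blob-reader"
  scope       = data.azurerm_resource_group.app.id
  description = "Read-only access to storage accounts and blob data in one resource group"

  permissions {
    actions = [
      "Microsoft.Storage/storageAccounts/read",
      "Microsoft.Storage/storageAccounts/blobServices/containers/read",
    ]
    data_actions = [
      "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
    ]
    not_actions = []
  }

  assignable_scopes = [data.azurerm_resource_group.app.id]
}
```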