An exposed endpoint in the Azure Automation Service allowed to steal Azure
API credentials from other customers
None required. As a general practice, use the least-privilege
principle, including on managed identities assigned to automation accounts. While
this would not have prevented the leakage of API credentials, it would have reduced
the blast radius.
No tracked CVEs