An exposed endpoint in the Azure Automation Service allowed to steal Azure
API credentials from other customers
None required. As a general practice, use the least-privilege
principle, including on managed identities assigned to automation accounts. While
this would not have prevented the leakage of API credentials, it would have reduced
the blast radius.