writeups.xyz / Gaining Unlimited access to graph AuditLogs endpoint using complex filters with non-privileged user account

Submitter : c2a

Date: 21 April 2022

Bounty : undisclosed

Vulnerabilities :

• Information Disclosure
• Privilege Escalation

Programs :

• Microsoft

Authors :

• Joosua Santasalo (@SantasaloJoosua)

Link :
https://securecloud.blog/2022/04/21/microsoft-cloud-security-research-public-disclosure-gaining-unlimited-access-to-graph-auditlogs-endpoint-using-complex-filters-with-non-privileged-user-account/