Azure: Cross-tenant backup recovery points
A recovery point is a stored backup snapshot of a protected item at a point in time, enumerated here through a cross-tenant vault mapping. Listing recovery points reveals which restorable backup copies of organizational data exist and when they were taken.
Recovery points are the actual copies of backed-up data, so restoring one exposes the underlying organizational data.
Microsoft.RecoveryServices/Vaults/backupCrossTenantVaultMappings/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action
Restoring a recovery point reconstitutes the full backed-up data. Because the restore target can be chosen by the caller across the tenant boundary, this can exfiltrate the data; an original-location restore can overwrite live data (manipulation); and the restore provisions billable infrastructure (spend).
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security