Issue: Eligible Members/Owners of Groups (PIM for Groups) Not Enumerated #106

Open
zh54321 opened this issue Nov 30, 2024 · 1 comment

zh54321 commented Nov 30, 2024

First of all, thank you for this fantastic tool. It has been incredibly useful, especially in enumerating CAPs and eligible role assignments as a low-privileged user, which has significantly helped in many assessments.

However, I noticed a potential issue:
Eligible members/owners of groups (PIM for groups) are not being enumerated.

For example:

  1. While I can see that the group has the Global Administrator role assigned:
    [Screenshot: 1]

  2. I'm unable to see the eligible members and owners of the group:
    [Screenshot: group_members]

  3. However, in the portal, it is visible that the group has eligible owners/members:
    [Screenshot: 2]

Therefore, assignments to groups which have privileged roles could be missed.

dirkjanm (Owner) commented Dec 3, 2024

Hey, good catch. I'm not sure if eligible group members are part of the AAD data model and/or exposed by the AAD graph API, but I'll investigate it and see if we can add it.
