You can export all Recipients of organisation with simple user have no rights to view or edit Recipients
Massive account take over + informations disclousure
Broken Access Control lead to Full access to all Company Customers,users ,infrastructure using company email thats used for bugbounty perpus with there domain name weach make me abel to log to there sharpoint as there internal staff
