Authenticated route returns sensitive data using predictable IDs

Description

The application may be giving access to sensitive data through predictable IDs, which could be used by a malicious third party to exfiltrate large amounts of sensitive data once they gain access to a user account.

Rationale

The route might be vulnerable to a data leak.

Remediation

  • Validate that users only have access to their own data (AuthZ).
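
The ownership check described above, as an added example that is not part of the original page: a lookup by sequential ID with authentication only, beside the same lookup with an object-level authorization check. The Invoice model, the handler names, the in-memory store and the choice to return 404 for records owned by someone else are all assumptions made for illustration.

```python
# Added example: hypothetical names and constructed data, not from the original page.
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    id: int            # sequential, therefore predictable
    owner_id: int
    amount_cents: int


# Constructed sample store: sequential IDs spread across two users.
INVOICES = {
    1001: Invoice(1001, owner_id=1, amount_cents=4200),
    1002: Invoice(1002, owner_id=2, amount_cents=9900),
    1003: Invoice(1003, owner_id=1, amount_cents=1500),
}


def get_invoice_unchecked(session_user_id, invoice_id):
    """Weak form: authentication only, so any logged-in user can read any ID."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        return 404, None
    return 200, inv


def get_invoice(session_user_id, invoice_id):
    """Hardened form: object-level authorization on every lookup."""
    inv = INVOICES.get(invoice_id)
    # Same 404 for "missing" and "not yours", so responses do not reveal which IDs exist.
    if inv is None or inv.owner_id != session_user_id:
        return 404, None
    return 200, inv


def readable_ids(handler, session_user_id, id_range):
    """Regression check: which IDs in a range does a handler return for one user?"""
    return [i for i in id_range if handler(session_user_id, i)[0] == 200]


if __name__ == "__main__":
    print(readable_ids(get_invoice_unchecked, 1, range(1000, 1005)))
    print(readable_ids(get_invoice, 1, range(1000, 1005)))
```

The owner comparison uses the user ID taken from the server-side session, never one supplied in the request, and a check like readable_ids can run in the test suite for every route that accepts an object ID.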