Authenticated route returns sensitive data using predictable IDs

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

The application may be giving access to sensitive data through predictable IDs, which could be used by a malicious third party to exfiltrate large amounts of sensitive data once they gain access to a user account.

Rationale

Route might be vulnerable to a data leak.

Remediation

  • Validate that users only have access to their own data (AuthZ).