Authenticated route returns sensitive data

Description

The application may be giving authenticated users access to sensitive data, which may not be intended.

Rationale

The route might be vulnerable to a data leak.

Remediation

  • Validate whether the application is intended to return sensitive data.
  • Ensure users can only access data they’re meant to access (unguessable IDs, authorization checks, etc.).
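
One way to apply both remediation items in a route handler, as an added example that is not part of the original finding: the handler checks the caller's relationship to the record and serializes only the fields that relationship is meant to see. The names `RECORDS`, `VISIBLE_FIELDS`, `relationship` and `get_record`, and all sample data, are constructed for illustration.

```python
import secrets

# Constructed sample store: record id -> record. IDs are random tokens
# (unguessable), but that alone is not treated as access control.
ALICE_DOC = secrets.token_urlsafe(16)
BOB_DOC = secrets.token_urlsafe(16)
RECORDS = {
    ALICE_DOC: {"owner": "alice", "title": "Q3 plan", "ssn": "000-00-0000",
                "shared_with": {"bob"}},
    BOB_DOC: {"owner": "bob", "title": "Notes", "ssn": "000-00-0001",
              "shared_with": set()},
}

# Fields each relationship may see; anything not listed is never serialized.
VISIBLE_FIELDS = {
    "owner": ("title", "ssn"),
    "shared": ("title",),
}


def relationship(user, record):
    """Return how the authenticated user relates to the record, or None."""
    if record["owner"] == user:
        return "owner"
    if user in record["shared_with"]:
        return "shared"
    return None


def get_record(user, record_id):
    """Handler body: returns (status, body) for an already-authenticated user."""
    record = RECORDS.get(record_id)
    role = relationship(user, record) if record else None
    if role is None:
        # Same answer for "missing" and "not yours" so IDs cannot be probed.
        return 404, {"error": "not found"}
    return 200, {field: record[field] for field in VISIBLE_FIELDS[role]}
```

Authentication only establishes who `user` is; the per-record check and the field allow-list decide what that user gets back.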