Authenticated route returns sensitive data using predictable IDs

Description

The application may be giving access to sensitive data through predictable IDs, which could be used by a malicious third party to exfiltrate large amounts of sensitive data once they gain access to a user account.

Rationale

The route might be vulnerable to a data leak.

Remediation

  • Validate that users only have access to their own data (AuthZ).
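
The ownership check described in the remediation, shown beside a handler that only authenticates. This is an added example, not code from the application or tool this page describes. The Invoice record, the handler names, the in-memory store and the sample data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    id: int
    owner: str
    amount_cents: int


# Constructed sample data: sequential (predictable) IDs, two account holders.
INVOICES = {
    1001: Invoice(1001, "alice", 12500),
    1002: Invoice(1002, "bob", 9900),
    1003: Invoice(1003, "bob", 4300),
    1004: Invoice(1004, "alice", 700),
}

NOT_FOUND = (404, None)


def get_invoice_unsafe(session_user: str, invoice_id: int):
    """Authenticated but not authorized: any logged-in user gets any record."""
    invoice = INVOICES.get(invoice_id)
    return (200, invoice) if invoice else NOT_FOUND


def get_invoice(session_user: str, invoice_id: int):
    """Return the record only when it belongs to the session's user."""
    invoice = INVOICES.get(invoice_id)
    # Same response for "missing" and "not yours", so the status code
    # does not reveal which IDs exist.
    if invoice is None or invoice.owner != session_user:
        return NOT_FOUND
    return (200, invoice)


def readable_ids(handler, session_user: str, id_range):
    """Regression check: IDs in id_range that the handler serves to session_user."""
    return [i for i in id_range if handler(session_user, i)[0] == 200]


if __name__ == "__main__":
    ids = range(1000, 1006)
    print("unsafe: ", readable_ids(get_invoice_unsafe, "alice", ids))
    print("checked:", readable_ids(get_invoice, "alice", ids))
```

A check like readable_ids can run in the test suite for every route that takes an object ID, so a handler that loses its ownership check fails the build.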