Unauthenticated route uses predictable IDs

Description

The application may be exposing data to unauthenticated users. A malicious third party could use this to exfiltrate large amounts of potentially sensitive data.

Rationale

The route might be vulnerable to a data leak.

Remediation

  • Validate whether the IDs are predictable and map to resources across users. Implement rate limiting.
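One way to run the validation step above against your own data, as an added example that is not part of the original finding or any scanner's code. The function names, thresholds and sample records are assumptions made for illustration.

```python
import uuid

MAX_GAP = 10      # assumed threshold: integer IDs this close count as enumerable
MIN_RATIO = 0.8   # assumed share of small gaps needed to call the scheme predictable

def classify_id(value):
    """Label one ID by format: integer, uuid-v<N>, or opaque."""
    if value.isascii() and value.isdigit():
        return "integer"
    try:
        version = uuid.UUID(value).version
    except ValueError:
        return "opaque"
    return f"uuid-v{version}" if version else "opaque"

def audit_ids(records):
    """records: (id, owner) pairs sampled from the route's own data store.

    Returns the reasons the ID scheme is guessable, empty if none were found.
    """
    findings = []
    kinds = {}
    for rid, owner in records:
        kinds.setdefault(classify_id(rid), []).append((rid, owner))

    ints = sorted((int(rid), owner) for rid, owner in kinds.get("integer", []))
    if len(ints) >= 2:
        gaps = [b[0] - a[0] for a, b in zip(ints, ints[1:])]
        close = sum(1 for g in gaps if 0 < g <= MAX_GAP)
        if close / len(gaps) >= MIN_RATIO:
            findings.append("sequential-integer")
            # Neighbouring IDs owned by different users: the IDs map to
            # resources across users, which is what the remediation asks about.
            if any(a[1] != b[1] for a, b in zip(ints, ints[1:])):
                findings.append("cross-user-adjacent")
    # Version 1 UUIDs encode a timestamp and node, so they are not random.
    if "uuid-v1" in kinds:
        findings.append("time-based-uuid")
    return findings

# Constructed sample data, not taken from any real application.
SEQUENTIAL = [("1001", "alice"), ("1002", "bob"), ("1003", "alice"), ("1005", "carol")]
RANDOM_V4 = [("3f2b8c1e-9a4d-4e7b-8c21-5d6f7a8b9c0d", "alice"),
             ("a1c4e7f2-5b3d-4a96-b8e0-7d2f9c4b6a13", "bob")]
TIME_V1 = [("2c1d43b0-7f3a-11ee-b962-0242ac120002", "alice")]

if __name__ == "__main__":
    for name, sample in [("sequential", SEQUENTIAL), ("uuid4", RANDOM_V4), ("uuid1", TIME_V1)]:
        print(name, audit_ids(sample))
```

An empty result only means the ID format is not obviously guessable in the sample; it says nothing about whether the route should be reachable without authentication.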