Description

The API exposes sensitive information (Personally Identifiable Information (PII)) due to a vulnerability in the authorization process. An unauthenticated attacker can gain access to the personal data.

Remediation

Implement a robust authorization mechanism

References

API1:2019 Broken Object Level Authorization

API3:2019 Excessive Data Exposure

Related Vulnerabilities

Oracle JavaServer Faces multiple vulnerabilities

WordPress Plugin Advanced Custom Fields PRO Information Disclosure (6.0.2)

Arbitrary File Read on Nuxt.js Development Server

Struts2 Development Mode Enabled

Whoops error handler component detected

Severity

High

Classification

CWE-284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure