Description

The API exposes sensitive information (Personally Identifiable Information (PII)) due to a vulnerability in the authorization process. An unauthenticated attacker can gain access to the personal data.

Remediation

Implement a robust authorization mechanism

References

API1:2019 Broken Object Level Authorization

API3:2019 Excessive Data Exposure

Related Vulnerabilities

WordPress Plugin Fast Velocity Minify Information Disclosure (2.7.6)

WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0)

WordPress Plugin MAC PHOTO GALLERY Arbitrary File Download (3.0)

Chrome Logger information disclosure

Elasticsearch service accessible

Severity

High

Classification

CWE-284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure