IDOR Allows Viewer to Delete Bin's Files
Medium
Lark Technologies
Team Summary
Official summary from Lark Technologies
An IDOR (Insecure Direct Object Reference) vulnerability was found where if a user with only view permissions knew the alphanumeric token of a folder, they could permanently delete it from an admin's bin. We thank @snapsec for reporting this to our team.
Reported by
imran0x01
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Improper Access Control - Generic
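
The missing object-level check described in the team summary, shown as an added example that is not Lark's code and not part of the report: a permanent-delete handler that resolves a binned folder by its token alone, next to one that also authorizes the caller. The `Drive` and `Folder` names, the token value and the owner-only purge policy are assumptions made for illustration.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Caller may not perform this action on the object."""

@dataclass
class Folder:
    token: str                                  # alphanumeric folder token
    owner: str                                  # user whose bin holds the folder
    roles: dict = field(default_factory=dict)   # user -> "viewer" / "editor"
    in_bin: bool = False

class Drive:
    def __init__(self):
        self.folders = {}

    def add(self, folder):
        self.folders[folder.token] = folder

    def purge_vulnerable(self, caller, token):
        # IDOR: the object is looked up by token and the caller is never checked.
        folder = self.folders.get(token)
        if folder and folder.in_bin:
            del self.folders[token]
            return True
        return False

    def purge(self, caller, token):
        folder = self.folders.get(token)
        # Assumed policy: only the bin's owner may permanently delete.
        # One error for "missing" and "not permitted" so tokens cannot be probed.
        if folder is None or not folder.in_bin or folder.owner != caller:
            raise Forbidden("not found or not permitted")
        del self.folders[token]
        return True

def folder_survives(method, caller):
    """Run one purge attempt on a fresh drive; report whether the folder remains."""
    drive = Drive()
    token = "fldrEXAMPLE123"                    # constructed sample token
    drive.add(Folder(token, owner="admin", roles={"viewer1": "viewer"}, in_bin=True))
    try:
        getattr(drive, method)(caller, token)
    except Forbidden:
        pass
    return token in drive.folders

if __name__ == "__main__":
    for method in ("purge_vulnerable", "purge"):
        print(method, "viewer1 ->", folder_survives(method, "viewer1"))
```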