Attacker is able to join any tenant on larksuite and view personal files/chats.

A privilege escalation issue was found in Open.larksuite.com, which could have potentially allowed attackers to join any tenant, and view files and communications that are shared by team members. We thank @imran_nisar for reporting this to our team and confirming the resolution.