Parameter Manipulation allowed for viewing of other user’s teavana.com orders
S
Starbucks
Submitted None
Team Summary
Official summary from Starbucks
A vulnerability had existed which allowed for unauthorized viewing of order details belonging to other users. @meals delivered a solid report & worked with us to resolve the issue. Thanks @meals!
Actions:
Reported by
meals
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Improper Authentication - Generic