Parameter Manipulation allowed for editing the shipping address for other users’ teavana.com subscriptions.
Starbucks
Team Summary
Official summary from Starbucks
@meals discovered a vulnerability which allowed the shipping address for teavana.com order subscriptions to be edited without proper authorization. Thanks @meals!
Reported by: meals
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Improper Authentication - Generic