Mass account takeover!
High
Stripe
Team Summary
Official summary from Stripe
@akashhamal0x01 discovered an Organization Owner could update the email address of a member of their organization in TaxJar. This could have allowed an attacker to take over a victim’s account if the victim belonged to the attacker’s organization. The vulnerability was caused by the ability to edit another member’s email address and was resolved by restricting Organization Owners from editing a member’s email address.
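To make the flaw and the fix in the summary concrete, here is an added example (written for this page; it is not Stripe's or TaxJar's code and the data model, user names and e-mail addresses are constructed). It shows an authorization rule for a "change member e-mail" action in two forms: the flawed rule, where an Organization Owner may edit any member's address in their organization, and the corrected rule, where only the account holder can change their own address regardless of organization role.

```python
"""Added example: authorization check for changing a member's e-mail.

The vulnerable rule mirrors the report (an Organization Owner may edit
another member's e-mail, which hands them the victim's login identity);
the fixed rule restricts the change to the account holder.
"""
from dataclasses import dataclass


@dataclass
class User:
    id: int
    email: str
    org_id: int
    role: str  # "owner" or "member" (constructed roles for this example)


class AuthorizationError(Exception):
    """Raised when the acting user may not perform the requested change."""


def update_email_vulnerable(actor: User, target: User, new_email: str) -> None:
    """Flawed rule: self-service OR any Organization Owner of the same org.

    The second branch is the bug: an owner can rewrite a member's e-mail
    to an address they control and then use password recovery on it.
    """
    same_org_owner = actor.role == "owner" and actor.org_id == target.org_id
    if actor.id != target.id and not same_org_owner:
        raise AuthorizationError("not permitted to change this e-mail")
    target.email = new_email


def update_email_fixed(actor: User, target: User, new_email: str) -> None:
    """Corrected rule: only the account holder may change their own e-mail.

    Organization role is deliberately ignored; owners manage membership,
    not a member's login identity.
    """
    if actor.id != target.id:
        raise AuthorizationError("only the account holder may change this e-mail")
    target.email = new_email


def demo() -> dict:
    """Run an owner's attempt to re-point a member's e-mail through both rules.

    Returns the member's e-mail after each attempt so the difference is visible.
    """
    owner = User(id=1, email="owner@example.com", org_id=10, role="owner")
    attacker_controlled = "owner-controlled@example.com"  # constructed
    results = {}

    # Vulnerable rule: the owner's edit succeeds and the member loses control.
    victim = User(id=2, email="member@example.com", org_id=10, role="member")
    update_email_vulnerable(owner, victim, attacker_controlled)
    results["vulnerable"] = victim.email

    # Fixed rule: the same edit is rejected and the member's e-mail is unchanged.
    victim = User(id=2, email="member@example.com", org_id=10, role="member")
    try:
        update_email_fixed(owner, victim, attacker_controlled)
    except AuthorizationError:
        pass
    results["fixed"] = victim.email

    # Self-service still works under the fixed rule.
    update_email_fixed(victim, victim, "member-new@example.com")
    results["self_service"] = victim.email
    return results


if __name__ == "__main__":
    print(demo())
```

The check in `update_email_fixed` is intentionally independent of organization role: the question it answers is "is the actor the account holder?", not "does the actor outrank the target?", which is the distinction the report's fix enforces.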
Reported by
akashhamal0x01
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Misconfiguration