[Broken Access Control ] Unauthorized Linking accounts & Linked Accounts info DIsclosure
Low
S
Stripe
Submitted None
Team Summary
Official summary from Stripe
@mr_asg discovered that users of an account with member permissions were improperly allowed to see activated linked accounts and connect new carts to the account.
Actions:
Reported by
mr_asg
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$250.00
Submitted
Weakness
Improper Access Control - Generic