[ Continuation Report from #1814842 ] Can create articles using other users' NewsLetters
Medium
L
LinkedIn
Submitted None
Team Summary
Official summary from LinkedIn
Security researcher found an IDOR on LinkedIn where the attacker is able to publish articles using Victim's newsletter. This published article is not seen on the Victim's newsletter homepage and there is no notification sent to the subscribers of the victim's newsletter regarding this publication from the attacker.
Actions:
Reported by
find_me_here
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Insecure Direct Object Reference (IDOR)