IDOR vulnerability on profile picture changing mechanism which discloses other users' profile pictures.
Medium
Glassdoor
Team Summary
Official summary from Glassdoor
Profile picture information (such as image ID) was being exposed unnecessarily via HTTP responses when changing a user's profile picture. This behavior has been corrected. Thank you to the researcher for bringing this to our attention!
Reported by: iohasib
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Insecure Direct Object Reference (IDOR)