Privilege Escalation - A Non Owner User Who Does not Have access to the user management can invite other users to the restaurant page
Low
Y
Yelp
Submitted None
Team Summary
Official summary from Yelp
An unauthorised business user was able to invite other users to become members of the same business account without being visible in the User Management page.
Actions:
Reported by
vijaysimha-reddy
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Improper Access Control - Generic