Unauthorized Access to Private Video Description via Translation API for Private Accounts
Low
T
TikTok
Submitted None
Team Summary
Official summary from TikTok
A vulnerability was discovered in the TikTok translation API endpoint that could have allowed unauthorized access to video descriptions contained in private accounts. We thank @z3phyrus for reporting this to our team.
Actions:
Reported by
z3phyrus
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Insecure Direct Object Reference (IDOR)