Unauthorized Reservation Cancellation Through IDOR Vulnerability
High
Yelp
Team Summary
Official summary from Yelp
It is possible to cancel a reservation by knowing the reservation ID; this is because the reservation feature does not require users to log in. We were already aware of this issue.
Reported by
no-need
Report Details
Additional information and metadata
State
Closed
Substate
Duplicate
Weakness
Insecure Direct Object Reference (IDOR)