Insecure Direct Object Reference (IDOR) in GraphQL deleteProfileImages Mutation
High
Autodesk
Team Summary
Official summary from Autodesk
An IDOR (Insecure Direct Object Reference) vulnerability was found on Autodesk User Profile, through the "id" parameter which could have allowed an attacker to delete another user's photo. Autodesk has fixed the vulnerability and we thank @alphahacks for reporting this issue.
Reported by
alphahacks
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Insecure Direct Object Reference (IDOR)
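
The class of flaw summarized above, shown as an added example that is not Autodesk's code or part of the original report: a resolver for a mutation named deleteProfileImages that trusts the client-supplied "id", next to one that enforces object-level authorization. The in-memory store, the `ownerId` field, the `context.userId` session value and the error strings are all assumptions made for illustration.

```javascript
// Constructed sample data: image id -> owning user (hypothetical store layout).
function makeStore() {
  return new Map([
    ["img-1", { ownerId: "user-a" }],
    ["img-2", { ownerId: "user-b" }],
  ]);
}

// Accept a single id or a list of ids (assumed argument shape).
function normalizeIds(id) {
  return [...new Set(Array.isArray(id) ? id : [id])];
}

// Vulnerable shape: any authenticated caller can delete any image,
// because the only input consulted is the id sent by the client.
function deleteProfileImagesInsecure(store, _parent, args, _context) {
  const deleted = normalizeIds(args.id).filter((id) => store.delete(id));
  return { deleted };
}

// Hardened shape: the owner is taken from the server-side session and
// every referenced object is checked against it before anything changes.
function deleteProfileImagesSecure(store, _parent, args, context) {
  if (!context || !context.userId) {
    throw new Error("UNAUTHENTICATED");
  }
  const ids = normalizeIds(args.id);
  // Authorize the whole batch first so a mixed request deletes nothing.
  for (const id of ids) {
    const image = store.get(id);
    // Same error for "missing" and "not yours", so responses do not
    // confirm which ids exist for other users.
    if (!image || image.ownerId !== context.userId) {
      throw new Error("NOT_FOUND");
    }
  }
  for (const id of ids) store.delete(id);
  return { deleted: ids };
}
```

A regression test for this weakness should call the mutation as one user with an id owned by another and assert that the object still exists afterwards.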