Exploiting Misconfigured CORS to Steal User Information

High
Rockstar Games

Team Summary

Official summary from Rockstar Games

In this report, the researcher demonstrated how a CORS misconfiguration was allowing user details, such as email addresses and IDs, to be shared inappropriately. They also provided a POC which showed how an attacker could exploit this remotely. This issue was resolved in a platform update to our Support site; the gateway that was leaking user information was removed entirely.

Reported by 1hack0

Report Details

Additional information and metadata

State: Closed
Substate: Resolved
Bounty: $500.00

Weakness: Information Disclosure