China – Limited Partner PII Regarding Work Scheduling via Unauthenticated API Endpoint
Critical
S
Starbucks
Submitted None
Team Summary
Official summary from Starbucks
0xpatrik discovered an unauthenticated API endpoint that allowed retrieval of specified work leave dates of designated Starbucks employees in China. @0xpatrik — thank you for reporting the original vulnerability and for confirming the resolution.
Actions:
Reported by
0xpatrik
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Information Disclosure