PII Leak via /███████
High
U.S. Dept Of Defense
Reported by un4gi
Vulnerability Details
**Summary:**
The ██████████ website allows access to PII of all site users via faulty access control to the /██████ endpoint.
## Step-by-step Reproduction Instructions
1. Browse to ████████ and log in or create an account.
2. Browse to ███████/████████. You will be able to access PII of all site users (click a username to view the PII).
## Suggested Mitigation/Remediation Actions
Restrict access to the /██████████ module to only administrative users.
## Impact
An adversary can gain access to PII of all ███████ users.
Report Details
State: Closed
Substate: Resolved
Weakness: Information Disclosure