[IDOR] Modify other team's reminders via reminderId parameter
Medium
Lark Technologies
Team Summary
Official summary from Lark Technologies
An IDOR (Insecure Direct Object Reference) vulnerability was found in Larksuite reminders, allowing an attacker to modify any other user's reminder in the POST request via the "reminderId" parameter. We thank imran_nisar for reporting this vulnerability and confirming its resolution.
Reported by
imran_nisar
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Insecure Direct Object Reference (IDOR)
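
The class of flaw the summary describes, as an added example that is not Lark's code and not part of the original report: an update handler that trusts a client-supplied reminder id, next to one that scopes the lookup to the caller's team. The data model, function names, team identifiers and sample reminders are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Reminder:
    reminder_id: int
    team_id: str      # owning team (assumed ownership model)
    text: str


class NotFound(Exception):
    """Raised for missing AND foreign reminders, so ids cannot be probed."""


def make_store():
    # Constructed sample data: two teams, one reminder each.
    return {
        101: Reminder(101, "team-a", "Ship release notes"),
        202: Reminder(202, "team-b", "Rotate API keys"),
    }


def update_reminder_vulnerable(store, session_team, reminder_id, new_text):
    # IDOR: the object is looked up by the client-supplied id alone;
    # session_team is never compared with the reminder's owner.
    reminder = store[reminder_id]
    reminder.text = new_text
    return reminder


def update_reminder_hardened(store, session_team, reminder_id, new_text):
    # The id from the request is honoured only when the reminder belongs to
    # the caller's team. session_team must come from the authenticated
    # session, never from the request body.
    reminder = store.get(reminder_id)
    if reminder is None or reminder.team_id != session_team:
        raise NotFound(reminder_id)  # same answer for "absent" and "not yours"
    reminder.text = new_text
    return reminder


if __name__ == "__main__":
    store = make_store()
    update_reminder_vulnerable(store, "team-a", 202, "changed by team-a")
    print("vulnerable:", store[202].text)
    store = make_store()
    try:
        update_reminder_hardened(store, "team-a", 202, "changed by team-a")
    except NotFound:
        print("hardened: rejected, text still", repr(store[202].text))
```

Returning the same error for a nonexistent id and for another team's id keeps the endpoint from confirming which reminder ids exist.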