Veris: Insecure Direct 'org-invite-log' References

2016-03-16T22:20:34
ID H1:123712
Type hackerone
Reporter zuh4n
Modified 2016-03-18T05:58:15

Description

The particular issue was related to Insecure Direct Object Reference vulnerability where a particular API was not included in the main permission sets. So the enumeration attacks could be executed.