Starbucks: Singapore - IDOR in campaign.starbucks.com.sg

2020-01-25T20:41:20
ID H1:783332
Type hackerone
Reporter bytebunny
Modified 2020-03-17T21:32:47

Description

bytebunny discovered an Insecure Direct Object Reference (IDOR) exposing limited marketing data for customers in Singapore.

@bytebunny — thank you for reporting the vulnerability and for confirming the resolution.