Description
In this case a attacker can be able to archive any user of any targeted organization
Proof of Concept
- Attacker create new organization OrgA
- Attacker add any user to his organization OrgA And archive the user
- Capture this request in burp suite
- victim is user of organization OrgB
- Change id of our user to victim user of any organization then the user will be archived from OrgB4