PT-2021-21824 · Microsoft · Onefuzz
Name of the Vulnerable Software and Affected Versions: OneFuzz versions 2.12.0 through 2.30.0 Description: The issue is related to an incomplete authorization check in OneFuzz, allowing an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFu...