PortSwigger Web Security: Incorrect logic when buy one more license which may lead to extend the expire date of existing license

Vulnerability description not provided...

ASB-A-153995334

In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. This could lead to local information disclosure of the identifier, which could be used to track an account across devices, with no additional...