HackerOne: IDOR Vulnerability at AddTagToAssets operation name
The IDOR vulnerability was discovered in the AddTagToAssets operation name of a GraphQL endpoint. The vulnerability allowed an attacker to obtain the IDs of custom tags created by a victim by decoding the base64-encoded tagId parameter in the request. This revealed the format and pattern of the t...