Tools for Humanity: IDOR - Leaking of team data (name, email, ID, member ID) via POST /api/v1/graphql `FetchMemberships` operation
The vulnerability allowed individuals no longer associated with the organization to access sensitive team member data due to inadequate validation of user permissions. The information that was potentially accessible included names, email addresses, roles, and IDs of current team members...
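A minimal sketch of the authorization gap described above, added here as an example and not taken from the report or from Tools for Humanity's code. It assumes the operation takes a client-supplied team ID and that the missing check was on the caller's current membership; all names (`memberships`, `fetchMembershipsVulnerable`, `fetchMembershipsHardened`, `tryFetch`) and the sample rows are constructed.

```javascript
// Constructed sample data (not from the report). bob was removed from team t1.
const memberships = [
  { id: "m1", teamId: "t1", userId: "alice", name: "Alice", email: "alice@example.test", role: "OWNER", active: true },
  { id: "m2", teamId: "t1", userId: "bob", name: "Bob", email: "bob@example.test", role: "MEMBER", active: false },
  { id: "m3", teamId: "t2", userId: "bob", name: "Bob", email: "bob@example.test", role: "OWNER", active: true },
];

const activeRows = (teamId) => memberships.filter((m) => m.teamId === teamId && m.active);

// Assumed vulnerable shape: the caller is authenticated, but the team ID
// supplied in the GraphQL variables is never tied back to the caller.
function fetchMembershipsVulnerable(ctx, args) {
  if (!ctx.userId) throw new Error("UNAUTHENTICATED");
  return activeRows(args.teamId);
}

// Hardened shape: authorize against the caller's *current* membership on
// every request, so a removed member's still-valid session gets nothing.
function fetchMembershipsHardened(ctx, args) {
  if (!ctx.userId) throw new Error("UNAUTHENTICATED");
  const rows = activeRows(args.teamId);
  // Same error for "not a member" and "no such team" avoids an ID oracle.
  if (!rows.some((m) => m.userId === ctx.userId)) throw new Error("FORBIDDEN");
  return rows;
}

// Helper so results can be compared without try/catch at each call site.
function tryFetch(resolver, userId, teamId) {
  try {
    return { ok: true, emails: resolver({ userId }, { teamId }).map((m) => m.email) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

console.log(tryFetch(fetchMembershipsVulnerable, "bob", "t1"));
console.log(tryFetch(fetchMembershipsHardened, "bob", "t1"));
console.log(tryFetch(fetchMembershipsHardened, "alice", "t1"));
```

The same comparison works as a regression test: create a member, remove them, and assert that their existing session is refused on every team-scoped operation.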