TikTok: Ability to change permissions across seller platform
An Insecure Direct Object Reference IDOR vulnerability was found on the "Post" request on a TikTok Seller endpoint, which could have resulted in any user having the ability to change the "Finance Specialist" role permission. We thank @imrannisar for reporting this to our team...