Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the users.getUser method in the JSON-RPC API. An attacker can retrieve sensitive credential information, such as password hashes, TOTP secrets, and session tokens, by supplying...