Yelp: I.D.O.R TO EDIT ALL USER'S CREDIT CARD INFORMATION+(Partial credit card info disclosure)

@hk755a discovered an Insecure Direct Object Reference Vulnerability that allowed an attacker to obtain the last four digits of a credit card that has been registered with the Yelp platform, through the error messages that the /profilepayment/save endpoint returned...