U.S. Dept Of Defense: IDOR Lead To VIEW & DELETE & Create api_key [HtUS]
Hi Dod & Hackerone Team i hope you are Doing Well Today : Explaining: i found That a User With a Member Permission in a Organization Can Create & View & DELETE APIKEYS Step To Reproduce: 1 First Create 2 Accounts From Here https://███ 2 Log in With The Victim User and Create New Group From Here...