lemlist: Unauthorized Password Reset Allows Account Takeover Across Tenant Boundaries
An authorization issue was discovered in the application that allowed a tenant admin to change the password of another user within the same tenant, including invited agency accounts. The victim had to first accept the invitation before the attacker could proceed. The issue could allow unintended...