TikTok: Cross-Tenant IDOR (GraphQL `AddRulesToPixelEvents` query) allowing an attacker to add, update, and delete rules of any Pixel event on the platform
Due to an Insecure Direct Object Reference (IDOR) vulnerability, an attacker could have potentially added, deleted, or updated rules for other users' pixel events in the TikTok ads portal. We thank @bubbounty for reporting this to our team and confirming the resolution. This report is one of my...
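The class of flaw described above, shown as an added example that is not TikTok's code and not taken from the report: a batch rule-writing handler that trusts client-supplied event IDs, next to one that checks ownership of every ID against the server-side session before writing anything. The page gives no schema, so the store layout, field names (`advertiserId`, `eventIds`, `rules`) and error codes are assumptions.

```javascript
// Constructed sample data: two tenants (advertisers), each owning pixel events.
// All identifiers and field names here are hypothetical.
function makeStore() {
  return new Map([
    ["evt-1", { advertiserId: "adv-A", rules: [] }],
    ["evt-2", { advertiserId: "adv-A", rules: [] }],
    ["evt-9", { advertiserId: "adv-B", rules: [] }],
  ]);
}

// BEFORE: acts on whatever event IDs the client sends. The session is never
// consulted, so any caller can write rules onto another tenant's events.
function addRulesVulnerable(store, session, input) {
  for (const id of input.eventIds) {
    const evt = store.get(id);
    if (evt) evt.rules.push(...input.rules);
  }
  return { ok: true };
}

// AFTER: object-level authorization for every ID in the batch, using the
// tenant from the server-side session, before any write happens.
function addRulesHardened(store, session, input) {
  if (!session || !session.advertiserId) {
    return { ok: false, error: "UNAUTHENTICATED" };
  }
  const ids = [...new Set(input.eventIds)];
  const denied = ids.filter((id) => {
    const evt = store.get(id);
    // Missing and foreign IDs are treated identically, so the response does
    // not reveal which event IDs exist in other tenants.
    return !evt || evt.advertiserId !== session.advertiserId;
  });
  if (denied.length > 0) {
    // All-or-nothing: one unauthorized ID rejects the whole batch.
    return { ok: false, error: "NOT_FOUND", denied };
  }
  for (const id of ids) store.get(id).rules.push(...input.rules);
  return { ok: true };
}
```

The same ownership check belongs on the update and delete paths, and a rejected batch with a non-empty `denied` list is a useful signal to log for detection.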