GHSA-7VFX-4246-JCFH SolidInvoice: IDOR in LiveComponent allows same-company cross-user access to API tokens and notification transport settings
Summary Four authorization bypass vulnerabilities in Symfony LiveComponent actions allow any authenticated user within a company to access, modify, or delete other users' API tokens and notification transport settings. The root cause is that LiveComponent actions accept entity IDs without verifyi...