New Relic: Internal API endpoint discloses full account name of email address associated with unconfirmed user
There's an interesting thing happening with the Internal API call that lists users on an account. Based on what I can tell, it's another IDOR like █████████ in which it exposes user information of accounts that Steps to reproduce: 1. Create an account 2. As an admin, go to create a new user...