Medium
resolved
resolved
Ability to access policy and updates for unauthorized program
Bug reported by was disclosed at May 8, 2025, 4:11 pm | Improper Access Control - Generic
The vulnerability allowed an unauthorized user to access the policy and updates for a restricted program using an API key. The user was able to retrieve sensitive data from the unauthorized program, even though they were only granted access to one of the two programs in the organization.
![[Image: e72398fe92beda2aa80d0329e8b9f4febece7568.gif]](https://64.media.tumblr.com/834502d05f9b014cbc37366fe428a5a7/13cb9841c0799d7a-ff/s500x560/e72398fe92beda2aa80d0329e8b9f4febece7568.gif)
