IDOR - Deleting user group
December 4, 2020
| Reported at | December 3, 2020 |
| Weakness | CWE-1220 - Insufficient Granularity of Access Control |
Insufficient access control on the endpoint could allow an attacker to delete any user group. The attacker must know the group ID to do so.
Impact - An attacker who deletes a group might cause a service interruption for the users in that group.
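The following is an added example, not code from the affected product: it contrasts a delete handler that checks only the caller's role with one that also checks the group's owner. The `User` fields, the organization model, the function names and the sample groups are all assumptions made for illustration.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Caller lacks the role needed for the action."""

class NotFound(Exception):
    """Group is missing, or outside the caller's organization."""

@dataclass(frozen=True)
class User:  # hypothetical caller model
    id: int
    org_id: int
    is_group_admin: bool

def sample_groups():
    # Constructed sample data: group ID -> record with its owning organization.
    return {101: {"org_id": 1, "name": "engineering"},
            202: {"org_id": 2, "name": "finance"}}

def delete_group_coarse(groups, caller, group_id):
    """Before: checks the caller's role only, never whose group it is."""
    if not caller.is_group_admin:
        raise Forbidden("group admin role required")
    if group_id not in groups:
        raise NotFound(group_id)
    del groups[group_id]  # any known ID is accepted, across organizations

def delete_group_scoped(groups, caller, group_id, audit):
    """After: the group must belong to the caller's organization."""
    group = groups.get(group_id)
    # Same error for "missing" and "not yours", so responses do not
    # confirm which group IDs exist in other organizations.
    if group is None or group["org_id"] != caller.org_id:
        audit.append(("denied", caller.id, group_id))
        raise NotFound(group_id)
    if not caller.is_group_admin:
        audit.append(("denied", caller.id, group_id))
        raise Forbidden("group admin role required")
    del groups[group_id]
    audit.append(("deleted", caller.id, group_id))

if __name__ == "__main__":
    outsider = User(id=7, org_id=2, is_group_admin=True)
    groups, audit = sample_groups(), []
    delete_group_coarse(groups, outsider, 101)
    print("coarse check, group 101 still exists:", 101 in groups)
    groups = sample_groups()
    try:
        delete_group_scoped(groups, outsider, 101, audit)
    except NotFound:
        print("scoped check, group 101 still exists:", 101 in groups, audit)
```

The `denied` audit entries give responders a record of callers requesting group IDs outside their own organization.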