Logic Flaw: Deleting HackerOne Team Reports Without Access Rights – InfoSec Write-ups

How a GraphQL Mutation Allowed Unauthorized Report Deletion Across Teams · Broken access control: A core principle of secure systems was violated.

 
