Report #1618347 – Disclosing PolicyPageAssetGroup in Private Programs via /graphql `gid …

Report #1618347 – Disclosing PolicyPageAssetGroup in Private Programs via /graphql `gid …

… GraphQL endpoint. Attackers could enumerate {id} values and expose private data, including program names, scope details, and the titles of reports …

 

Read More