Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: IDOR Attack #1405

Closed
1 task done
entrotech opened this issue Jul 12, 2023 · 1 comment
Closed
1 task done

Bug: IDOR Attack #1405

entrotech opened this issue Jul 12, 2023 · 1 comment
Labels
bug Release Note: Shows as Error Correction features: Security Testing level: easy priority: MUST HAVE role: back-end Node/Express Development Task size: 0.5pt Can be done in 2-3 hours or less

Comments

@entrotech
Copy link
Member

entrotech commented Jul 12, 2023
edited
Loading

Overview

ITA found a IDOR Attack vulnerability. See the PDF under Resources/Instructions for an explanation

Action Items

  • Fix by removing the unused endpoint

Resources/Instructions

IDORAtttack.pdf
@entrotech entrotech self-assigned this Jul 12, 2023
@entrotech entrotech added bug Release Note: Shows as Error Correction role: back-end Node/Express Development Task level: easy priority: MUST HAVE features: Security Testing size: 0.5pt Can be done in 2-3 hours or less labels Jul 12, 2023
entrotech added a commit that referenced this issue Jul 12, 2023
@entrotech
Fix Issue #1405, Bump ver to 0.2.48
a2c733d
@entrotech
Copy link
Member Author

Applied Hotfix 0.2.48 to resolve.

@ExperimentsInHonesty ExperimentsInHonesty moved this to On Dev - not yet pushed to Prod in P: TDM: project board Jun 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Release Note: Shows as Error Correction features: Security Testing level: easy priority: MUST HAVE role: back-end Node/Express Development Task size: 0.5pt Can be done in 2-3 hours or less
Projects
P: TDM: project board
Status: Released
Milestone
No milestone
Development

No branches or pull requests
1 participant
@entrotech