We received a report that indicates a potential vulnerability:
"The application has a functionality that allows users to add segments.
However, it does not implement an authorization check for the "project"
parameter, which allows users to add segments in all users' accounts by
replacing the "project" parameter.
By exploiting this vulnerability, an attacker can add segments. As the
"project" parameter is numeric, the attacker can do a brute-force attack on
this endpoint. As a result, an attacker account can add segments in all
users' accounts."
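
The authorization check the report says is missing, shown beside the trusting pattern it describes. This is an added example, not the application's code: the `Project` model, the in-memory `PROJECTS` store, the `Forbidden` error and both function names are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised for unknown and unauthorized projects alike (no existence oracle)."""


@dataclass
class Project:
    id: int
    member_ids: set  # ids of users allowed to modify this project
    segments: list = field(default_factory=list)


# Constructed sample data: two projects that belong to different users.
PROJECTS = {
    101: Project(101, {1}),
    102: Project(102, {2}),
}


def add_segment_vulnerable(session_user_id, project, name):
    """Pattern from the report: the client-supplied "project" id is trusted."""
    proj = PROJECTS[int(project)]
    proj.segments.append(name)  # session_user_id is never consulted
    return proj


def add_segment(session_user_id, project, name):
    """Hardened form: resolve the project, then authorize the session user on it."""
    try:
        proj = PROJECTS.get(int(project))
    except (TypeError, ValueError):
        proj = None  # malformed id is treated like an unknown project
    # One error for "does not exist" and "not yours", so walking the numeric
    # id space does not reveal which project ids are in use.
    if proj is None or session_user_id not in proj.member_ids:
        raise Forbidden("project not found or access denied")
    proj.segments.append(name)
    return proj
```

The user id passed to `add_segment` must come from the server-side session, never from the request body. Rate limiting and alerting on repeated `Forbidden` responses from one account complement the check.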