Join GitHub today
Serious security issue in Customer Address edit section #1107
I have installed Magento2 latest beta version yesterday and was checking it today. I found a serious issue where customer can view/edit (yes EDIT!) another customer's address. It's very simple to reproduce, just change the ID of the address in the URL and you will be presented with that address to edit.
Proof of concept:
The version I am using: Magento ver. 0.42.0-beta11