Impact
An authenticated user can issue a message server API request that exploits an access control issue, allowing them to bypass tenant isolation controls and exfiltrate job processing metadata belonging to other tenants.
Vulnerability Description
An improper access control issue was identified in the Identity Cloud Security (ISC) message server API that allowed an authenticated user to exfiltrate job processing metadata belonging to other tenants.
Identification and Remediation
This issue was identified during a cloud vendor Red Team X assessment conducted on a dedicated bug bounty environment, and is disclosed in CVE-2024-3317. This issue has since been resolved. No further action is needed.