Jan-06-2024 - Adding Items to any User's Collections


Reported on Immunefi	Jan-06-2024
Mitigation	Jan-06-2024
Solution Completed	Jan-06-2024

Description

Due to missing access controls on the endpoint to create new items, it was possible to add any item to any user's collection by using their collection UUID.

Severity

Websites & Applications - High.

Solution

Add missing validation to the endpoint.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

2024-01-06.md

2024-01-06.md

Jan-06-2024 - Adding Items to any User's Collections

Description

Severity

Solution

Files

2024-01-06.md

Latest commit

History

2024-01-06.md

File metadata and controls

Jan-06-2024 - Adding Items to any User's Collections

Description

Severity

Solution