bugcrowd / vulnerability-rating-taxonomy

Bugcrowd’s baseline priority ratings for common security vulnerabilities
https://bugcrowd.com/vrt
Apache License 2.0

Edit/Modify Non-Sensitive Information IDOR should be categorized as P4 #406

Open georgedevasia0 opened 9 months ago

georgedevasia0 commented 9 months ago

As of now, Edit/Modify Non-Sensitive Information IDOR is categorized as P5. Suppose I am editing a cross-tenant record that I don't have access to; that is medium critical, and it should have a higher severity.

If I'm editing/modifying Non-Sensitive Information iteratively, then the impact is much higher than we imagine. As per the vulnerability rating taxonomy, all IDORs except Read Non-Sensitive Information should have a minimum priority of P4.

Please make immediate changes to the classification.
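
The cross-tenant edit scenario the issue describes, as an added example that is not part of the issue, the commenter's text, or the Bugcrowd VRT repository. It contrasts an update handler that trusts a client-supplied record id (the IDOR) with one that scopes the lookup to the caller's tenant. The record store, tenant names, user names and function names are all constructed for the demonstration.

```python
"""
Cross-tenant IDOR on an "edit" endpoint, and the object-level authorization
check that closes it. All records, tenants and users below are constructed
sample data; nothing here is taken from a real application.
"""
import copy
from dataclasses import dataclass


class AuthorizationError(Exception):
    """Raised when a caller tries to modify a record outside its tenant."""


@dataclass
class Record:
    record_id: int
    tenant_id: str
    note: str          # the "non-sensitive" field being edited


@dataclass
class User:
    username: str
    tenant_id: str


# Constructed sample store: one record per tenant, looked up by numeric id.
RECORDS = {
    1: Record(record_id=1, tenant_id="tenant-a", note="A's note"),
    2: Record(record_id=2, tenant_id="tenant-b", note="B's note"),
}


def update_note_vulnerable(records, user, record_id, new_note):
    """IDOR: the id is taken from the request and never tied to the caller's
    tenant, so any authenticated user can rewrite any tenant's record."""
    record = records[record_id]
    record.note = new_note
    return record


def update_note_hardened(records, user, record_id, new_note):
    """Object-level authorization: the record must exist AND belong to the
    caller's tenant. The same error is returned for "missing" and "not yours"
    so the endpoint cannot be used to enumerate other tenants' ids."""
    record = records.get(record_id)
    if record is None or record.tenant_id != user.tenant_id:
        raise AuthorizationError("record not found")
    record.note = new_note
    return record


def demo():
    """Run an attacker from tenant-a against tenant-b's record (id 2) through
    both handlers. Returns (note after vulnerable edit,
    whether the hardened handler blocked the edit, note after hardened attempt,
    note after the attacker's legitimate edit of its own record)."""
    attacker = User(username="mallory", tenant_id="tenant-a")

    store = copy.deepcopy(RECORDS)
    update_note_vulnerable(store, attacker, 2, "tampered")
    note_after_vulnerable = store[2].note

    store = copy.deepcopy(RECORDS)
    try:
        update_note_hardened(store, attacker, 2, "tampered")
        blocked = False
    except AuthorizationError:
        blocked = True
    note_after_hardened = store[2].note

    # The hardened handler still allows edits within the caller's own tenant.
    own = update_note_hardened(store, attacker, 1, "mine")
    return note_after_vulnerable, blocked, note_after_hardened, own.note


if __name__ == "__main__":
    print(demo())
```

The tenant check belongs in the data-access layer (a `WHERE tenant_id = ?` on the lookup, or the equivalent ORM scope) rather than in individual handlers, so that every route that loads a record by id gets it for free.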

TimmyBugcrowd commented 1 week ago

Thank you for your participation. We will soon make changes for the IDOR section and I will update you here and get your input as well.