๐ Tennessee Valley Authority: Incorrect Authorization leads to see other users Documents Uploaded
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: vulners.com
Summary: Hi team, when user upload document, other user can see this docs only with link Steps To Reproduce: loign to portal with user A : https://qcn.mytva.com go to admin section and upload a document. {F2782891} click on link to see uploaded image. like {F2782892} login to portal with user B go to above url, we can see and download user A document. {F2782896} Impact any login user can see other user... ...