Description

Sensitive information such as customer or providers lists, emails, phone numbers or identifiers can be obtained from the application.

Impact

Obtain sensitive information to craft new attack vectors.

Recommendation

Implement security controls to ensure that the leaked information can be accessed only by authenticated and authorized users.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

Fixes