Vulnerabilities (Page 7)

Editing a User to Add Sensitive Scopes to a JWT

Had a JWT, and noticed functionality to invite a user to a group and then change their privileges; these privileges were reflected in the JWT scopes. Through modification of this edit user request, additional scopes that were not displayed could be added, such as the company:operations and company:support scopes…

 