Nicolas_ICHAH | 2022-06-15 12:35:28 UTC | #1
Hello,
A pentest for an important customer reports a lack of rights verification with the API /platform/api/v2/users. A low-permission user can call this API to collect information on all other users. I've already opened a case at customer care; support answers that it is designed that way, but doesn't give any reason and reroutes to this forum. The customer does not agree (GDPR and so on), but if at least he knows the reason, maybe it could help.
Thanks and regards,
tim.smith | 2022-06-15 14:28:39 UTC | #2
Please continue to work with Genesys Cloud Care on this issue. Concerns around privacy and security must be addressed via Care. If you can share the case number, I can ask that it be escalated.
Nicolas_ICHAH | 2022-06-15 14:42:35 UTC | #3
Thanks, Tim. Here's the number: 0003120730. I'll share this page with support.
Best regards,
John_Carnell | 2022-06-16 19:05:05 UTC | #4
This post was migrated from the old Developer Forum.
ref: 15158