This page collects WhisperX intelligence signals tagged #Broken Access Control. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security flaw has been flagged in the `arubis/railsgoat-vulnerability-demo` repository, exposing a high-severity mass assignment vulnerability. The issue, automatically detected by the RSOLV security scanner, centers on line 50 of the `app/controllers/users_controller.rb` file. The controller uses `params.re...
A broken access control vulnerability in the chart export endpoint allows low-privilege users to retrieve chart configurations—including embedded database credentials—belonging to other users. The flaw affects `GET /api/v1/chart/export/`, which accepts a list of chart IDs via the `q` parameter. While the endpoint valid...