1. CRITICAL SECURITY BUG: Any Employee Can Reject Any Leave Application Due to Missing Authorization Check
A critical security vulnerability has been exposed in a leave management system, allowing any authenticated employee to reject any leave application across the entire organization. The flaw was discovered during end-to-end testing, where an employee with ID 527 successfully rejected a leave application owned by a colle...