All news with #web application tag
Mon, September 22, 2025
AAPB Fixes IDOR Bug That Exposed Restricted Media Files
🔒 An insecure direct object reference (IDOR) flaw in the American Archive of Public Broadcasting (AAPB) allowed protected and private media to be downloaded for years. A simple Tampermonkey script could alter media ID parameters in background fetch/XHR calls and bypass access controls, so the server returned content instead of a '403 Forbidden'. The issue was reported to AAPB, confirmed by a spokesperson, and patched within 48 hours, but the full scope of prior access remains unknown.