Insecure Direct Object Reference

ID: VUL-003 • Severity: Medium • Category: Access Control

Vulnerability Details

Identifiers

ID: VUL-003
CWE: CWE-284
CVSS: 6.5

Classification

Severity: Medium
Status: Fixed
Category: Access Control
False Positive: 2.0%

Location

File: src/routes/profile.js
Line: 15

Description

An IDOR vulnerability was detected in the user profile endpoint. The application does not verify that the requesting user is authorized to access the requested profile before returning it.

Timeline

Detected: Dec 10, 2023, 9:15 AM
Fixed: Dec 11, 2023, 9:15 AM

Risk Assessment

Calculated risk score and contributing factors

Overall Risk Score

10.0/10

Critical risk - immediate remediation recommended

Contributing Factors

Severity: 5/10

Medium severity vulnerabilities can pose moderate security risks

Exploitability: 6/10

Access Control vulnerabilities are moderately exploitable

False Positive Likelihood: 10/10

2% chance this is a false positive

Vulnerable Code

// Route handler in src/routes/profile.js: the profile is looked up and returned
// using the caller-supplied userId, with no check that the authenticated user
// owns, or is otherwise authorized to view, that profile.
app.get('/api/profile/:userId', (req, res) => {
  const userId = req.params.userId;
  const profile = getProfileById(userId);
  res.json(profile);
});