API Security Blog

Missing Authorization

changedetection_io is vulnerable to Missing Authorization. The vulnerability is due to a missing annotation `@auth.check_token` on the WatchHistory API endpoint `/api/v1/watch//history`. This can allow an unauthorized actor to access the endpoint (without providing an `x-api-key` header) and check a user's watch…
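A missing decorator of this kind can be caught in review or CI by auditing the API source. The following is an added example, not changedetection.io's code: it assumes class-based API resources whose HTTP handler methods are named `get`, `post`, and so on, and the `SAMPLE` source and the helper names `decorator_name` and `unguarded_handlers` are constructed for illustration.

```python
import ast

# Constructed sample modelled on the pattern the advisory describes; it is
# not changedetection.io's source. Class and method bodies are hypothetical.
SAMPLE = '''
class Watch(Resource):
    @auth.check_token
    def get(self, uuid):
        return {}

    @auth.check_token
    def delete(self, uuid):
        return "OK", 204

class WatchHistory(Resource):
    def get(self, uuid):
        return {}
'''

HTTP_METHODS = {"get", "post", "put", "patch", "delete"}


def decorator_name(node):
    """Return the dotted name of a decorator, e.g. 'auth.check_token'."""
    if isinstance(node, ast.Call):  # handles @decorator(args)
        node = node.func
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))


def unguarded_handlers(source, required="auth.check_token"):
    """List 'Class.method' for HTTP handlers lacking the required decorator."""
    findings = []
    for cls in ast.walk(ast.parse(source)):
        if not isinstance(cls, ast.ClassDef):
            continue
        for item in cls.body:
            is_func = isinstance(item, (ast.FunctionDef, ast.AsyncFunctionDef))
            if not is_func or item.name not in HTTP_METHODS:
                continue
            names = {decorator_name(d) for d in item.decorator_list}
            if required not in names:
                findings.append(f"{cls.name}.{item.name}")
    return sorted(findings)
```

Run over the constructed sample, `unguarded_handlers(SAMPLE)` reports `WatchHistory.get`; endpoints that are intentionally public would need an explicit allowlist.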
