API Security Blog

Insecure Direct Object Reference (IDOR)

github.com/drakkan/sftpgo is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to the lack of proper security measures such as JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms. The vulnerability allows an attacker with a valid intercepted token to access other users’ files and directories by manipulating URL…
