Yelp: Object Level access control leads to reading user’s full requests, sessions, and error messages
Description

The summary is as follows: A vulnerability was discovered in the Yelp internal administration tool called "Tailored Mail" hosted on the subdomain https://proze.yelp.com/. The vulnerability allowed unauthenticated attackers to read the internal admin's full HTTP requests, sessions, and other sensitive information by accessing the error logging endpoint at /tmwebapi/elmah.axd. This was caused by a lack of proper object-level access control on the error logging…
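The endpoint named in the summary, elmah.axd, is the ELMAH error-log viewer for ASP.NET, and it is exposed when it is registered as a handler with remote access enabled and no authorization rule in front of it. As an added illustration (not configuration from the report or from Yelp), the web.config fragment below shows the exposed shape beside the hardened one; the `Admin` role, the `tmwebapi` application path and the handler name are assumptions.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Illustrative web.config for an ASP.NET app that uses ELMAH.
     Assumed: the app is mounted under /tmwebapi and admins carry the "Admin" role. -->
<configuration>
  <configSections>
    <sectionGroup name="elmah">
      <section name="security" requirePermission="false"
               type="Elmah.SecuritySectionHandler, Elmah" />
      <section name="errorLog" requirePermission="false"
               type="Elmah.ErrorLogSectionHandler, Elmah" />
    </sectionGroup>
  </configSections>

  <!-- EXPOSED: remote access on, so any client that can reach
       /tmwebapi/elmah.axd can browse every logged exception, including the
       full request (headers, cookies, form data) captured with it.
  <elmah>
    <security allowRemoteAccess="1" />
  </elmah>
  -->

  <!-- HARDENED, part 1: only allow the viewer from the local machine.
       This alone makes elmah.axd return 403 to remote clients. -->
  <elmah>
    <security allowRemoteAccess="false" />
    <errorLog type="Elmah.XmlFileErrorLog, Elmah" logPath="~/App_Data" />
  </elmah>

  <!-- HARDENED, part 2: if remote viewing is genuinely needed, gate the
       handler path with an explicit authorization rule instead, so that
       an authenticated admin role is required and everyone else is denied.
       Note the path is relative to the application root (/tmwebapi). -->
  <location path="elmah.axd" inheritInChildApplications="false">
    <system.web>
      <authorization>
        <allow roles="Admin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <system.webServer>
    <handlers>
      <add name="ElmahHandler" verb="POST,GET,HEAD" path="elmah.axd"
           type="Elmah.ErrorLogPageFactory, Elmah" preCondition="integratedMode" />
    </handlers>
  </system.webServer>
</configuration>
```

To verify the fix, request /tmwebapi/elmah.axd unauthenticated from another host and confirm a 302 to the login page or a 403, then check that an `Admin`-role session still sees the log.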