Summary by SamSazzad
Summary:
An Insecure Direct Object Reference (IDOR) vulnerability was identified in the team management feature of globe.gov. By manipulating the orgId parameter, an attacker could access member information — including email addresses and role details — from teams they were not part of.
This exposure could lead to unauthorized disclosure of Personally Identifiable Information (PII) and targeted phishing.