Summary by Polyxena
An Insecure Direct Object Reference (IDOR) vulnerability was identified in the Globe application, specifically within its team and organization creation functionalities. The flaw stems from inadequate validation of the userId parameters in POST requests: the supplied user IDs are not verified against the session user's ID. Because these IDs are numerical and can be iterated (e.g., 123231405), the vulnerability permits attackers to forge requests that create teams or organizations under any user's identity across the platform.
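The missing check, shown as an added example that is not Globe's code: a team-creation handler that trusts the body's userId, beside one that binds the owner to the authenticated session. The handler names, `Session`, `TeamStore`, and the `name` field are hypothetical; only the `userId` parameter comes from the summary.

```python
"""Added example: hypothetical team-creation handlers, not Globe's code."""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when a request names a user other than the session owner."""


@dataclass
class Session:
    user_id: int  # set by the server at login, never taken from the request


@dataclass
class TeamStore:
    teams: list = field(default_factory=list)

    def create(self, owner_id: int, name: str) -> dict:
        team = {"id": len(self.teams) + 1, "owner_id": owner_id, "name": name}
        self.teams.append(team)
        return team


def create_team_vulnerable(store: TeamStore, session: Session, body: dict) -> dict:
    # Flaw described in the summary: the owner is read from the
    # client-supplied body and never compared with the session user.
    return store.create(int(body["userId"]), body["name"])


def create_team_hardened(store: TeamStore, session: Session, body: dict) -> dict:
    # The owner is always the authenticated user. If the client still sends
    # a userId, it must match the session or the request is rejected.
    supplied = body.get("userId")
    if supplied is not None and str(supplied) != str(session.user_id):
        raise Forbidden("userId does not match the authenticated session")
    name = body.get("name")
    if not isinstance(name, str) or not name.strip():
        raise ValueError("team name is required")
    return store.create(session.user_id, name.strip())
```

Logging each `Forbidden` with the session ID and the supplied userId gives a detection signal for enumeration attempts against the endpoint.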