Horizon Alert
Summary of the vulnerability and why it matters
This vulnerability allows authenticated users to access sensitive data of other companies by manipulating a company ID. It affects backend systems that handle company data and could lead to unauthorized access to customer billing information and modification of third-party data.
- Authenticated users can access other companies' data.
- Sensitive customer data access and modification possible.
- Confirm relevance and exposure to other tenants.
Attack Path
How an attacker could exploit the issue
An attacker who can authenticate to the application can exploit this vulnerability by sending a crafted POST request. By manipulating the `company ID` parameter in this request, the attacker can bypass authorization checks and gain access to data belonging to other companies sharing the same subdomain environment. This could expose sensitive customer information and allow unauthorized modification of data.
- Attacker needs prior authentication.
- Manipulated POST request with company ID.
- Unauthorized access to other tenants' data.
Live Threat
Current exploitation, exposure, and threat context
An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorized access to other companies hosted within the same subdomain environment. The application does not adequately verify whether the requested company ID belongs to the authenticated user’s session, resulting in a cross-tenant authorization bypass. If this vulnerability is successfully exploited, it allows unauthorized access to sensitive customer information, including billing data, and may enable the unauthorized modification of third-party data.
- Billing data could be exposed.
- Company ID manipulation by authenticated user.
- Unauthorized access to other companies' data.
Operational Fix
Recommended remediation, mitigation, and detection steps
This vulnerability impacts multi-tenant applications, meaning platform or infrastructure teams are likely responsible for the underlying environment, while application owners must verify the specific code handling company IDs. The immediate priority is to identify all instances of the affected application, assess their exposure and business criticality, and then coordinate remediation efforts with relevant teams and potentially vendors.
- Platform and Application teams own remediation.
- Verify reachability and business criticality.
- Plan risk-based remediation and vendor coordination.