Authenticated route bypass
Description
Some of the returned data is not well advertised in your schema.
Remediation
Update your schema to match the real return types.
Configuration
Identifier: access_control/auth_bypass
Examples
Ignore this check
{
  "checks": {
    "access_control/auth_bypass": {
      "skip": true
    }
  }
}
Score
Escape Severity: LOW
OWASP: API2:2023
CWE