Broken Object Level Authorization
GPTKB entity
Statements (25)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:security |
| gptkbp:alsoKnownAs | gptkb:BOLA |
| gptkbp:category | Access Control Vulnerability |
| gptkbp:cause | Missing or improper authorization checks |
| gptkbp:commonIn | gptkb:REST_APIs; gptkb:GraphQL_APIs; Web applications |
| gptkbp:describedBy | gptkb:OWASP_Top_10 |
| gptkbp:example | User can access another user's data by modifying object ID in request |
| gptkbp:firstDescribed | gptkb:OWASP |
| gptkbp:impact | Data breach; Loss of confidentiality; Regulatory non-compliance |
| gptkbp:mitigatedBy | Implement proper authorization checks; Do not rely solely on user input for object references; Use object-level access control |
| gptkbp:owaspTop10Category | A1:2021 - Broken Access Control |
| gptkbp:relatedTo | Insecure Direct Object Reference |
| gptkbp:riskFactor | Privilege escalation; Data leakage; Unauthorized access to data |
| gptkbp:testedBy | Tamper with object identifiers in API requests |
| gptkbp:bfsParent | gptkb:OWASP_API_Security_Top_10 |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | Broken Object Level Authorization |