Broken Object Level Authorization
GPTKB entity
Statements (25)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:security |
| gptkbp:alsoKnownAs | gptkb:BOLA |
| gptkbp:category | Access Control Vulnerability |
| gptkbp:cause | Missing or improper authorization checks |
| gptkbp:commonIn | gptkb:REST_APIs |
| gptkbp:commonIn | gptkb:GraphQL_APIs |
| gptkbp:commonIn | Web applications |
| gptkbp:describedBy | gptkb:OWASP_Top_10 |
| gptkbp:example | User can access another user's data by modifying object ID in request |
| gptkbp:firstDescribed | gptkb:OWASP |
| https://www.w3.org/2000/01/rdf-schema#label | Broken Object Level Authorization |
| gptkbp:impact | Data breach |
| gptkbp:impact | Loss of confidentiality |
| gptkbp:impact | Regulatory non-compliance |
| gptkbp:mitigatedBy | Implement proper authorization checks |
| gptkbp:mitigatedBy | Do not rely solely on user input for object references |
| gptkbp:mitigatedBy | Use object-level access control |
| gptkbp:owaspTop10Category | A1:2021 - Broken Access Control |
| gptkbp:relatedTo | Insecure Direct Object Reference |
| gptkbp:riskFactor | Privilege escalation |
| gptkbp:riskFactor | Data leakage |
| gptkbp:riskFactor | Unauthorized access to data |
| gptkbp:testedBy | Tamper with object identifiers in API requests |
| gptkbp:bfsParent | gptkb:OWASP_API_Security_Top_10 |
| gptkbp:bfsLayer | 7 |