7. Broken Object-Level Authorization (BOLA)

The tool resolves an object by whatever identifier the caller supplies and never checks that the authenticated principal is allowed to touch that object. Because report, order and file ids are usually sequential or otherwise guessable, an attacker who changes the id in a request reads or modifies other users' data (horizontal privilege escalation); the same flaw across tenant boundaries becomes cross-tenant data exposure.

Example:

GET /get_report?id=9231  # id belongs to another user; no ownership check, so their report is returned

Mitigation:

  • Token-bound resource checks: on every request, load the object and compare its owner and tenant with the subject and tenant taken from the verified token; never treat a caller-supplied id as proof of entitlement, and return the same "not found" response for foreign and non-existent ids so the check itself cannot be used to enumerate valid ids
  • Alert on cross-tenant access: log the caller's tenant alongside the requested object's tenant and alert when they differ, and treat one principal accumulating denials across many ids as enumeration
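The two mitigations above, worked as an added example that is not code from the original page: a `get_report` handler with the BOLA flaw beside a hardened one that binds the lookup to the token's subject and tenant, and a detector that runs over access-log entries to flag cross-tenant hits and id enumeration. The report store, the `Principal` shape, the log fields and the 404 threshold are all constructed assumptions for illustration; token verification is assumed to happen upstream.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample store: two reports owned by users in different tenants.
REPORTS = {
    9230: {"owner": "alice", "tenant": "acme",   "body": "Q1 numbers"},
    9231: {"owner": "bob",   "tenant": "globex", "body": "salary list"},
}


@dataclass(frozen=True)
class Principal:
    """Identity taken from the verified bearer token (verification assumed upstream)."""
    sub: str
    tenant: str


class ObjectNotFound(Exception):
    """Mapped to one 404 for both 'no such object' and 'not your object'."""


def get_report_vulnerable(report_id: int) -> Optional[dict]:
    """BOLA: the only input to the lookup is the caller-supplied id."""
    return REPORTS.get(report_id)


def get_report_hardened(principal: Principal, report_id: int) -> dict:
    """Token-bound check: resolve the object, then compare its owner and tenant
    against the authenticated principal. Fail closed with a single error so a
    foreign id cannot be confirmed through a differing response."""
    report = REPORTS.get(report_id)
    if (report is None
            or report["tenant"] != principal.tenant
            or report["owner"] != principal.sub):
        raise ObjectNotFound(f"report {report_id}")
    return report


# Constructed access log as an API gateway might emit it: one entry per request,
# carrying the token's subject and tenant, the requested id and the response code.
ACCESS_LOG = [
    {"sub": "alice", "tenant": "acme",   "report_id": 9230, "status": 200},
    {"sub": "alice", "tenant": "acme",   "report_id": 9231, "status": 404},
    {"sub": "alice", "tenant": "acme",   "report_id": 9232, "status": 404},
    {"sub": "alice", "tenant": "acme",   "report_id": 9233, "status": 404},
    {"sub": "bob",   "tenant": "globex", "report_id": 9231, "status": 200},
]


def detect_bola_abuse(log: list, denial_threshold: int = 3) -> dict:
    """Two detections over the log:
    - cross_tenant: the requested object belongs to a tenant other than the
      caller's, whether or not the request succeeded (a hit on a vulnerable
      endpoint and a blocked attempt both deserve an alert);
    - enumeration: one subject accumulating `denial_threshold` or more 404s,
      the signature of walking sequential ids."""
    cross_tenant = []
    denials = Counter()
    for entry in log:
        target = REPORTS.get(entry["report_id"])
        if target is not None and target["tenant"] != entry["tenant"]:
            cross_tenant.append((entry["sub"], entry["report_id"]))
        if entry["status"] == 404:
            denials[entry["sub"]] += 1
    enumeration = sorted(sub for sub, n in denials.items() if n >= denial_threshold)
    return {"cross_tenant": cross_tenant, "enumeration": enumeration}


if __name__ == "__main__":
    alice = Principal("alice", "acme")
    print("vulnerable:", get_report_vulnerable(9231))        # bob's report leaks
    print("hardened:  ", get_report_hardened(alice, 9230))   # alice's own report
    try:
        get_report_hardened(alice, 9231)
    except ObjectNotFound as err:
        print("denied:    ", err)
    print("alerts:    ", detect_bola_abuse(ACCESS_LOG))
```

The hardened handler takes the principal as a parameter rather than reading it from a global request context so that the ownership check is visible in the function signature and cannot be skipped by a caller that forgets to set it. The detector keys the cross-tenant rule on the object's tenant, not the response code: on a vulnerable endpoint the offending request returns 200, which is exactly the case the alert has to catch.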