Advisories for Pypi/Onefuzz package

2021

Improper Authorization

OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment must be both or greater and deployed with the non-default --multi_tenant_domain option. This can result in read/write access to private data such as software vulnerability and crash …