Contradictory risk classification for "Unsafe Consumption of APIs" #123

Open
@mtausig


The Exploitability of API10:2023 is graded with the highest rating of easy.
At the same time, the corresponding textual explanation actually says the opposite, that exploitation of this should be rather hard:

Exploiting this issue requires attackers to identify and potentially compromise other APIs/services the target API integrated with. Usually, this information is not publicly available or the integrated API/service is not easily exploitable.
