Profile of disabled user stays accessible

Disclosed: 2022-11-26 06:53:30 By mikaelgundersen To nextcloud
Low
Vulnerability Details
User profiles of disabled users keep staying accessible on DOMAIN/u/USERID. This is quite undesirable as this user has no way to clear or modify this data in case they do not want it exposed anymore. I'd assume profiles of disabled users would not be visible to ensure they can always be in control of their own data.

## Impact

Exposure of user info that they can't control anymore.
Report Stats
  • Report ID: 1675014
  • State: Closed
  • Substate: resolved
  • Upvotes: 23