Get Demo
An authenticated user without user-management permissions could view other users account information.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.