Shopping Cart

No products in the cart.

Quality Clouds Community
Quality Clouds Community

REST API Resource Modifying Data Without Authentication Check – No Author

< 1 min read

Impact Area

Security

Severity

High

Affected Element

N/A

Rule ID #

SN-RESTAPI_DATAMOD_NO_AUTHOR

Impact #

Defining a REST API Resource with a data modification verb (POST/DELETE/PATCH) without authorization restrictions via ACLs is a security risk, as it allows any user with login credentials to modify data in your instance.

Remediation #

Ensure that all REST API Resources which can modify data have authentication and authorization checks enabled.

Time to fix #

10 min

Updated on March 21, 2025
Table of contents
Was it helpful ?

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups

Please allow a few minutes for this process to complete.

Report

You have already reported this .