Edit/Modify Non-Sensitive Information IDOR should be categorzed as P4

[georgedevasia0]

As of now Edit/Modify Non-Sensitive Information IDOR is categorized as P5. Suppose I am editing a cross tenant record where I don't have the access, it is medium critical and it should have a higher severity.

If I'm editing/modifying a iterate Non-Sensitive Information, then the impact is much higher than we imagine. As per the vulnerability rating taxonomy, all IDOR's except Read Non-Sensitive Information should be having minimum priority of P4.

Please try to do immediate changes in the classification.

[TimmyBugcrowd]

Thank you for your participation. We will soon make changes for the IDOR section and I will update you here and get your input as well.

[TimmyBugcrowd]

Hi,

After an internal discussion, this is what we came up in order to update the IDOR's:
#435

We're going to try this approach for some time and see what happens.