A critical authorization bypass vulnerability (CVSS 9.1) in Dify that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership, enabling cross-tenant data exfiltration.
A critical authorization bypass vulnerability (CVSS 9.1) in Dify that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership, enabling cross-tenant data exfiltration.