R1Ck

**Name of the Vulnerable Software and Affected Versions** Kiteworks versions prior to 9.3.0 **Description** An Insecure Direct Object Reference (IDOR) issue in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users. This occurs because of insufficient authorization checks on resource ownership. IDOR is a type of access control flaw where an application provides direct access to objects based on user-supplied input. **Recommendations** Upgrade to version 9.3.0 or later.