Smitshah1518

**Name of the Vulnerable Software and Affected Versions** oqtane Framework version 6.0.0 **Description** An IDOR (Insecure Direct Object Reference) issue exists, allowing a logged-in user to access inbox messages of other users by manipulating the `notification ID` in the request URL. By changing the `notification ID`, an attacker can view sensitive mail details belonging to other users. **Recommendations** For oqtane Framework version 6.0.0, consider restricting access to the inbox messages feature until a patch is available, or implement additional validation to ensure that users can only access their own inbox messages. As a temporary workaround, avoid using the `notification ID` in the affected API endpoint until the issue is resolved.