Resolve #2060 by adding verification requirement for multi-tenant sys…

…tems. (#2070) * Update 0x12-V4-Access-Control.md Add verification requirement for multi-tenant systems. * Update CWE --------- Co-authored-by: Josh Grossman <[email protected]>
OWASP · Sep 11, 2024 · 3e38915 · 3e38915
1 parent 41401fd
commit 3e38915
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/5.0/en/0x12-V4-Access-Control.md b/5.0/en/0x12-V4-Access-Control.md
@@ -26,6 +26,7 @@ Access control deficiencies are unlikely to be discovered using generic automate
 | :---: | :--- | :---: | :---: | :---: | :---: |
 | **4.2.1** | Verify that sensitive data and APIs are protected against Insecure Direct Object Reference (IDOR) attacks targeting creation, reading, updating and deletion of records, such as creating or updating someone else's record, viewing everyone's records, or deleting all records. | ✓ | ✓ | ✓ | 639 |
 | **4.2.2** | [MOVED TO 50.3.1] | | | | |
+| **4.2.3** | [ADDED] Verify that multi-tenant applications use cross-tenant controls to ensure user operations will never affect tenants with which they do not have permissions to interact. | ✓ | ✓ | ✓ | 283 |
 
 ## V4.3 Other Access Control Considerations