This SIMPLE vulnerability in Shopify earned a $2500 bug bounty

Don’t forget to check for user access rights

Summary

One of the most common vulnerabilities occur when a user is able to access something to which they are should not have access. If a malicious actor exploits this vulnerability and accesses confidential information of others, this can cause a leak of sensitive data. This is a form of vulnerability called information disclosure, and it can take many forms.