BFLA — Broken Function Level Authorization

TL;DR: Lower-tier role can invoke a function reserved for a higher tier (admin endpoints, role-only methods).

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

https://owasp.org/API-Security/editions/2023/en/0xa5-broken-function-level-authorization/
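
The condition in the TL;DR, as an added example that is not part of the original page: a dispatcher that only checks that the caller is authenticated, beside one that enforces a per-function minimum role and denies by default. The role names, paths and function names are hypothetical, and the route table is constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical role tiers; a higher number means more privilege.
ROLE_RANK = {"user": 1, "admin": 2}

@dataclass(frozen=True)
class Route:
    method: str
    path: str
    min_role: Optional[str]  # None = no requirement was ever declared

# Constructed route table, not taken from any real application.
ROUTES = [
    Route("GET", "/api/profile", "user"),
    Route("DELETE", "/api/admin/users", "admin"),
    Route("POST", "/api/admin/export", None),  # declaration forgotten
]

def _find(method, path):
    return next((r for r in ROUTES if (r.method, r.path) == (method, path)), None)

def dispatch_vulnerable(role, method, path):
    """BFLA: any authenticated role reaches any function."""
    route = _find(method, path)
    if route is None:
        return 404
    return 200 if role in ROLE_RANK else 401

def dispatch_hardened(role, method, path):
    """Function-level check, deny by default when no requirement is declared."""
    route = _find(method, path)
    if route is None:
        return 404
    if role not in ROLE_RANK:
        return 401
    if route.min_role is None or ROLE_RANK[role] < ROLE_RANK[route.min_role]:
        return 403
    return 200

def undeclared_routes():
    """Review aid: routes that carry no declared role requirement."""
    return [(r.method, r.path) for r in ROUTES if r.min_role is None]
```

The hardened dispatcher refuses the undeclared route even for the top tier, so a forgotten declaration fails closed and shows up in `undeclared_routes()` instead of silently exposing the function.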