Thank you for supporting the Cloud Customer Connect Community in 2024. It's a gift to work with you!

Look back
You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register
Get Started with Redwood for Oracle Cloud HCM   Begin Now
To ensure that questions get required attention from community members and are NOT left unanswered, it’s important for the author to indicate (by selecting “Yes” or “No” when prompted) whether the question was answered. (newly added) Please note that it is also important to respond to EACH comment your question receives. Your Yes or No response ensures an accurate status for your question.

For more information, please refer to this announcement explaining best practices for getting answers to questions.

URL Security Flaw with Hiring Manager Settings

edited Dec 14, 2022 6:19AM in Taleo Business Edition (TBE) 2 comments

Summary

URL Security Flaw with Hiring Manager Settings

Content

A hiring manager who has access to his personal requisition was "testing" access points by playing with the URL code within the TBE platform and entered a new number in the URL which brought up a requisition that only another hiring manager or the Administrator would have access to and the requisition was not posted or approved. As a candidate himself, he was able to see candidates within a position he had applied to and can navigate around the system now by plugging in new numbers within the URL that correspond to the requisition numbers posted on our website. This

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!