An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application. Referenceshttps://www.tenable.com/security/tns-2023-29
