Bibek Subedi
Hi Bibek,
Issue: Unauthorized User Data Access
An API endpoint allows fetching user details without proper authorization checks. The exposed data includes username, display name, avatar URL, join time, discussion count, and group memberships.