# Horizontal Privilege Escalation

- ID: javascript-horizontal-privilege-escalation
- Severity: CRITICAL
- CWE: Authorization Bypass Through User-Controlled Key (CWE-639)
- Languages: JavaScript, TypeScript
- Frameworks: express, fastify, nextjs, koa, hapi, nestjs

## Description

Detects when user-controlled input is used to access resources belonging to other users at the same privilege level without verifying ownership.

## Detection Message

User-controlled input from {source} flows to {sink} without ownership verification.

## Remediation

Filter queries by authenticated user ID to verify ownership.

```javascript
// Constrain the lookup to the authenticated user's own record, so a
// client-supplied id that belongs to someone else simply matches nothing.
const profile = await User.findOne({
  where: { id: req.params.userId, userId: req.user.id }
});
```

Learn more: https://shoulder.dev/learn/javascript/cwe-639/horizontal-privilege-escalation

## Related Rules

- **Horizontal Privilege Escalation** [HIGH]
- **Insecure Direct Object Reference (IDOR)** [HIGH]
- **Potential IDOR - Generic Data Access** [MEDIUM]
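The vulnerable pattern this rule flags beside the remediated one, as an added example that is not part of the rule page: an in-memory `profiles` store with an `ownerId` column stands in for the ORM model, `findOne` mimics an exact-match `where` lookup, and the request objects are constructed (all assumed names, not from the page).

```javascript
// Constructed in-memory "table" standing in for an ORM model (assumption).
const profiles = [
  { id: 1, ownerId: 1, email: 'alice@example.test' },
  { id: 2, ownerId: 2, email: 'bob@example.test' },
];

// Mimics Model.findOne({ where }): every key in `where` must match exactly.
function findOne(where) {
  return profiles.find(row => Object.keys(where).every(k => row[k] === where[k])) || null;
}

// Vulnerable: the row is selected by the client-supplied id alone, so any
// authenticated user can read any profile by changing req.params.profileId.
function getProfileVulnerable(req) {
  const id = Number(req.params.profileId); // user-controlled source
  return findOne({ id });                  // sink with no ownership check
}

// Remediated: the query is additionally constrained to the authenticated
// user, so a row owned by someone else is not found at all.
function getProfileSecure(req) {
  const id = Number(req.params.profileId);
  return findOne({ id, ownerId: req.user.id }); // ownership enforced in the query
}

// Express-style handler on top of the secure lookup. It answers 404 rather
// than 403 so the response does not confirm that the foreign record exists.
function profileHandler(req, res) {
  const row = getProfileSecure(req);
  if (!row) return res.status(404).json({ error: 'not found' });
  return res.status(200).json(row);
}

// Builds a constructed request: `authUserId` is what the auth middleware
// set on req.user, `profileId` is what the client put in the URL.
function makeReq(authUserId, profileId) {
  return { params: { profileId: String(profileId) }, user: { id: authUserId } };
}
```

With Alice (id 1) requesting profile 2, `getProfileVulnerable` returns Bob's record while `getProfileSecure` returns `null` and the handler responds 404.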