Vendor
Ech0 scoped access tokens do not reliably enforce least privilege, leading to privilege escalation and data exfiltration by allowing low-scope admin tokens to access broader admin functionality, including backup exports.