Is this bug another manifestation of the ubiquitous “confused deputy” problem that results from conflating authorization and authentication? (Trying to relate to some recent stuff I’ve read about the importance of “object capabilities”)