An application-side re-authentication session bypass vulnerability has been discovered in the official Heroku API and web-application service. The vulnerability allows an attacker to request unauthorized information without passing through the second, forced re-authentication module.
c42e20e6af494c024a32d6288be639d91cf860dcc07122b0e4ede8924d4698c8