Is the following is considered a vulnerability ?
I have a found a endpoint in a platform , where you can get users info like profile name and picture , by just inputting a email if it belongs to that platform , it will show this details .
By default , the platform does not have any policy to share profile name and photos unless the user explicitly shares it .