Severity: Medium

lunary

Unauthorized Organization Name Change by Any Role

In version 1.2.7, any authenticated user, regardless of their role, can change the organization's name due to improper access control. This issue has not yet been patched.

Available publicly on May 25 2024

CVSS score: 5.3

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Credit: acciobugs

Threat Overview

The vulnerability arises from the lack of proper access control checks in the endpoint responsible for updating organization details. Specifically, the checkAccess() function is not implemented, allowing any authenticated user to send a PATCH request to change the organization's name. This can lead to unauthorized modifications and potential misuse of organizational data.
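The missing check, sketched as an added example (not Lunary's code): an organization-update handler that only requires authentication, beside the same handler gated by a role check before the write. The `checkAccess(resource, action)` signature, the permission table, the role identifiers and the handler shapes are assumptions made for illustration.

```javascript
// Added illustration, not Lunary source. The role identifiers, the permission
// table and the handler/ctx shapes are assumptions; data is constructed.
const PERMISSIONS = new Map([
  ["owner", { org: ["read", "update"] }],
  ["admin", { org: ["read", "update"] }],
  ["prompt_editor", { org: ["read"] }], // lowest-privilege role: read only
]);

// Hypothetical stand-in for a checkAccess(resource, action) guard.
function checkAccess(resource, action) {
  return (ctx) => {
    const allowed = PERMISSIONS.get(ctx.user.role)?.[resource] ?? [];
    return allowed.includes(action); // unknown roles match nothing: deny by default
  };
}

// Constructed in-memory data standing in for the database.
function makeStore() {
  return { orgs: { org1: { name: "Acme" } } };
}

// Before: any authenticated caller reaches the write.
function patchOrgVulnerable(store, ctx) {
  if (!ctx.user) return { status: 401 };
  store.orgs[ctx.user.orgId].name = ctx.body.name;
  return { status: 200 };
}

// After: the role check runs before any state is changed.
function patchOrgHardened(store, ctx) {
  if (!ctx.user) return { status: 401 };
  if (!checkAccess("org", "update")(ctx)) return { status: 403 };
  store.orgs[ctx.user.orgId].name = ctx.body.name;
  return { status: 200 };
}

// Regression helper: send one rename through a handler and report the
// response status together with the name actually stored afterwards.
function tryRename(handler, role, newName) {
  const store = makeStore();
  const user = role ? { role, orgId: "org1" } : null;
  const { status } = handler(store, { user, body: { name: newName } });
  return { status, name: store.orgs.org1.name };
}
```

Running `tryRename` for every role against each state-changing route gives a regression test that fails as soon as a handler is added without its guard.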

Attack Scenario

An attacker with the lowest privilege role, such as a Prompt Editor, logs into the platform and obtains an authorization token. Using this token, the attacker sends a crafted PATCH request to the endpoint responsible for updating organization details. The request successfully changes the organization's name, which is then reflected across the platform wherever the organization's name is displayed.

Who is affected

All users of the platform, especially those with administrative responsibilities, are affected by this vulnerability. Any authenticated user, regardless of their role, can exploit this issue to change the organization's name.
