From: Krzysztof B. <kb...@un...> - 2018-06-08 07:23:28

Hi Sander,

On 06.06.2018 at 11:08, Sander Apweiler wrote:
> Hi Krzysztof,
>
> I found a security issue for contents managers. If a user has
> sys:AuthorizationRole Contents Manager, the user is able to "update"
> his privileges and set the sys:AuthorizationRole to System Manager.
> After a new login the user controls the whole system.
>
> IMHO the update of this attribute beyond the own role must be prohibited.
>

Yeah, you are right, opening a ticket for this.

Thanks,
Krzysztof