analogic / MailServer / issues / #918 - Domain admins can self-promote as system admin — Bitbucket

Issue #918 resolved

Ilkka Myller created an issue 2022-01-09

Version 2.3.5 PRO # 1628

Domain administrators are able to promote themselves as system administrators.

“Save” button returns 403 error, but system administrator role gets applied to the user.

This is security critical issue. Hopefully it will be fixed soon.

domainadmin_privileges.png

Comments (3)

SH repo owner
- changed status to resolved
fix ~~#918~~ forbid domain admin manipulate rights

→ <<cset 29c6826dd9d1>>
- 2022-01-10T08:12:29+00:00
SH repo owner
fix ~~#918~~ forbid domain admin manipulate rights

→ <<cset 29c6826dd9d1>>
- 2022-01-10T08:17:10+00:00
SH repo owner
fix ~~#918~~ forbid domain admin manipulate rights

→ <<cset 29c6826dd9d1>>
- 2022-01-10T08:43:51+00:00
Log in to comment

Assignee: –

Type: bug

Priority: critical

Status: resolved

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!