- changed status to resolved
Domain admins can self-promote as system admin
Issue #918
resolved
- Version 2.3.5 PRO # 1628
Domain administrators are able to promote themselves as system administrators.
“Save” button returns 403 error, but system administrator role gets applied to the user.
This is security critical issue. Hopefully it will be fixed soon.
Comments (3)
-
repo owner -
repo owner fix
#918forbid domain admin manipulate rights→ <<cset 29c6826dd9d1>>
-
repo owner fix
#918forbid domain admin manipulate rights→ <<cset 29c6826dd9d1>>
- Log in to comment
fix
#918forbid domain admin manipulate rights→ <<cset 29c6826dd9d1>>