Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: High
Component/s: User - Legacy
Labels:
- migrated

Bug Fix Policy:
View Atlassian Cloud bug fix policy

Description

Hello,

I believe it's possible to gain admin access to any account which hasn't got a 'premium' subscription.

Fairly simple really, generate a invoice link to upgrade their account. The email addresses you provide automatically gain admin access to the associated account without any authorisation from the origin account.

While it leaves a fairly good audit trail (unless you're using a stolen CC) it should allow you to escalate rights on any account.

Hopefully I'm wrong

Attachments

Activity

People

Assignee:: evzijst

Reporter:: Miles Burton

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 09/Mar/2013 8:13 PM

Updated:: 26/Mar/2013 1:03 AM

Resolved:: 26/Mar/2013 1:03 AM