Описание
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request
While this is not a critical vulnerability, it does indeed need to be patched to enforce the expected permission level.
Ссылки
- Patch
- Exploit
- Patch
- Exploit
Уязвимые конфигурации
EPSS
7.1 High
CVSS3
8.8 High
CVSS3
Дефекты
Связанные уязвимости
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request While this is not a critical vulnerability, it does indeed need to be patched to enforce the expected permission level.
EPSS
7.1 High
CVSS3
8.8 High
CVSS3