pantsel / konga

More than just another GUI to Kong Admin API

A basic user can escalate his privileges using a known exploit.

salmankhwaja opened this issue · comments

How to Reproduce
- Edit the Profile of a User
- Tamper with the Admin Parameter
- For further clarification, please follow the evidence

Which version did you test? I think this was fixed in 0.14.9: https://github.com/pantsel/konga/blob/0.14.9/api/policies/updateUser.js#L40-L63
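
The issue describes a client-supplied privilege field being accepted on a profile update. A server-side allowlist policy of the following shape blocks that; it is an added example, not Konga's `updateUser.js`, and the `req.user` shape, the field names in `SELF_EDITABLE` and the `run` helper are assumptions.

```javascript
'use strict';

// Hypothetical field names; the issue itself only mentions an "Admin" parameter.
const SELF_EDITABLE = new Set(['firstName', 'lastName', 'email', 'password']);

// Sails-style policy (req, res, next). Assumes an earlier auth policy set
// req.user = { id, admin } from a verified token, never from the request body.
function updateUserPolicy(req, res, next) {
  const actor = req.user;
  if (!actor) return res.status(401).json({ error: 'authentication required' });

  // Administrators may edit any user, including the privilege flag.
  if (actor.admin === true) return next();

  // A basic user may only edit their own record.
  if (String(req.params.id) !== String(actor.id)) {
    return res.status(403).json({ error: 'cannot edit another user' });
  }

  // Allowlist instead of blocklist: any field outside it is refused, whatever
  // its value ("true", 1, true). Rejecting rather than silently stripping
  // keeps the attempt visible in logs.
  const denied = Object.keys(req.body || {}).filter((k) => !SELF_EDITABLE.has(k));
  if (denied.length > 0) {
    return res.status(403).json({ error: 'fields not allowed', fields: denied });
  }
  return next();
}

// Minimal stand-ins for req/res so the policy can be exercised offline.
function run(user, id, body) {
  const out = { status: 200, passed: false, payload: null };
  const res = {
    status(code) { out.status = code; return this; },
    json(payload) { out.payload = payload; return out; },
  };
  updateUserPolicy({ user, params: { id }, body }, res, () => { out.passed = true; });
  return out;
}

// Constructed requests from a basic user with id 7.
const basic = { id: 7, admin: false };
console.log(run(basic, '7', { email: 'a@example.test' }));
console.log(run(basic, '7', { email: 'a@example.test', admin: true }));
```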