IV96796: User without access can delete a user via browser console


A user who does not have access to delete a user is able to do so by running a command in the console of the web browser.

Moving forward, a security vulnerability that could allow a user to perform actions that they may not have access to, has been resolved.

[Admin: To see other related posts, use the Vulnerability tag or CVE tag.]

Continue reading

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s