IV96796: User without access can delete a user via browser console


A user who does not have access to delete a user is able to do so by running a command in the console of the web browser.

Moving forward, a security vulnerability that could allow a user to perform actions that they may not have access to, has been resolved.

[Admin: To see other related posts, use the Vulnerability tag or CVE tag.]

Continue reading

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.