[CAUSEWAY-3740] [NOT A PROBLEM] Fix security perms to prevent users from adding themselves to a role just by guessing the role. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Not A Problem
Affects Version/s: 2.0.0
Fix Version/s: 2.1.0, 3.1.0
Component/s: None
Labels:
None

Description

While we currently do prevent users from adding a role to their ApplicationUser, we do not have a restriction to prevent a user from adding a user from an ApplicatoinRole. So if they were to guess what a role is, this might be a backdoor.

Attachments

Activity

People

Assignee:: Daniel Keir Haywood

Reporter:: Daniel Keir Haywood

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 09/May/24 16:05

Updated:: 3 days ago 14:13

Resolved:: 3 days ago 14:13