[GUACAMOLE-1856] Permission check for creating user groups is incorrect - ASF JIRA

Voters

Watch issue

Watchers

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Trivial
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.5.4
Component/s: guacamole-auth-jdbc
Labels:
None

Description

The permission check for creating user groups currently erroneously checks for the permission to create users. This should be corrected to reference the correct permission flag.

NOTE: While this logic error is goofy, it does not have security implications. A user with permission to create other users and the unintentional permission to create user groups would not be able to leverage that access to gain or grant any additional privileges:

A user cannot add users to a group unless they already have sufficient privileges to grant permissions to those users directly.
A user cannot grant any permissions to a group that they cannot already grant to a user.

Attachments

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Mike Jumper

Reporter:: Mike Jumper

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 26/Sep/23 23:58

Updated:: 27/Sep/23 16:01

Resolved:: 27/Sep/23 16:01

Agile

View on Board

Permission check for creating user groups is incorrect