Easy privilege escalation from user preferences (MAGNOLIA-2388)

[MAGNOLIA-2392] Attempt to assign unallowed group or role corrupts user node Created: 24/Sep/08  Updated: 23/Jan/13  Resolved: 24/Sep/08

Status: Closed
Project: Magnolia
Component/s: admininterface
Affects Version/s: 3.6.2
Fix Version/s: 4.0

Type: Sub-task Priority: Major
Reporter: Jan Haderka Assignee: Jan Haderka
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:

 Description   

When user tries to assign themselves extra privileges without having proper right to do so, the user node gets corrupted and such user has to be deleted. Attempt to do so, should be logged, but user should not be locked out completely.



 Comments   
Comment by Jan Haderka [ 24/Sep/08 ]

resolved on trunk in r18271 and on 3.6 branch in r18272.

Generated at Mon Feb 12 03:36:16 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.