Easy privilege escalation from user preferences
(MAGNOLIA-2388)
|
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | admininterface |
| Affects Version/s: | 3.6.2 |
| Fix Version/s: | 4.0 |
| Type: | Sub-task | Priority: | Major |
| Reporter: | Jan Haderka | Assignee: | Jan Haderka |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Template: |
|
| Description |
|
When user tries to assign themselves extra privileges without having proper right to do so, the user node gets corrupted and such user has to be deleted. Attempt to do so, should be logged, but user should not be locked out completely. |
| Comments |
| Comment by Jan Haderka [ 24/Sep/08 ] |
|
resolved on trunk in r18271 and on 3.6 branch in r18272. |