[NXP-10584] Prevent a poweruser from editing an administrators group or adding a user to an administrators group - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 5.6
Fix Version/s: 5.6.0-HF16, 5.7.1, 5.8.0-HF07, 5.9.2
Component/s: Update Center

Tags:

Description

Currently, a poweruser can promote himself to an administrator by adding himself to the administrators group. I would consider this a security bug.

See http://answers.nuxeo.com/questions/4419/should-powerusers-be-prevented-from-changing-an-administrators-group

Attachments

Issue Links

depends on

NXP-13686 Improve JSF validation helpers

Resolved

Activity

People

Assignee:

Damien Metzler

Reporter:

Ron ron

Participants:

Damien Metzler, Guillaume Renard, Jenkins, Ron ron

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

2012-12-03 13:37

Updated:

2019-11-25 17:14

Resolved:

2014-02-01 18:07

Time Tracking

Estimated:

4h

Remaining:

0m

Logged:

3h