Thanks to visit codestin.com
Credit goes to github.com

Skip to content

A user who is only a member can see the Users tab, all users, and all groups #4550

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sharkymark opened this issue Oct 14, 2022 · 2 comments
Closed

A user who is only a member can see the Users tab, all users, and all groups #4550

sharkymark opened this issue Oct 14, 2022 · 2 comments
Milestone
EE

Comments

@sharkymark
Copy link
Contributor

Version: v0.9.10+574e5d3

I created a user who is just a member, and belongs to 1 group.

When I log in as that user, they can access the Users UI, see all users, and all groups.

Seems like a violation of security.

image

image
@bpmct
Copy link
Member

bpmct commented Oct 14, 2022

Somewhat related: #4318. These both should probably be considered

@bpmct bpmct added this to the EE milestone Oct 14, 2022
@bpmct bpmct mentioned this issue Nov 10, 2022
Closed
21 tasks
@mtojek mtojek mentioned this issue Nov 28, 2022
Closed
@bpmct
Copy link
Member

bpmct commented Nov 30, 2022

Closing in favor of #5002

@bpmct bpmct closed this as not planned Won't fix, can't repro, duplicate, stale Nov 30, 2022
@Emyrk Emyrk mentioned this issue Jul 10, 2023
Closed
@matifali matifali mentioned this issue Jul 17, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
EE
Development

No branches or pull requests
2 participants
@sharkymark @bpmct