Let's consider the following scenario. A machine that is scoped to two environments: Env1, Env2 and an authenticated user that has access to Env1 and Env3. The user can add Env3 to the machine scope even though they don't have access to Env2.
CVE-2017-17665
The text was updated successfully, but these errors were encountered:
This thread has been automatically locked since there has not been any recent activity after it was closed. If you think you've found a related issue, please contact our support team so we can triage your issue, and make sure it's handled appropriately.
lockbot
locked as resolved and limited conversation to collaborators
Nov 24, 2018
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
None yet
2 participants
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.
Let's consider the following scenario. A machine that is scoped to two environments: Env1, Env2 and an authenticated user that has access to Env1 and Env3. The user can add Env3 to the machine scope even though they don't have access to Env2.
CVE-2017-17665The text was updated successfully, but these errors were encountered: