Impact
Everyone who is running a12n-server.
A new HAL-Form was added to allow editing users. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this change.
Patches
Patched in v0.18.2
References
Are there any links users can visit to find out more?
Impact
Everyone who is running a12n-server.
A new HAL-Form was added to allow editing users. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this change.
Patches
Patched in v0.18.2
References
Are there any links users can visit to find out more?