SS-2015-020: Privilege Escalation Risk in Security Admin
- Low (?)
- Versions Affected:
- Versions Fixed:
- 3.1.14 stable
- Release Date:
A member with the permission EDIT_PERMISSIONS is able to re-assign themselves (or another member) to ADMIN level.
Code to protect against this used to be in the TreeMultiselectField, but has since been replaced with the ListboxField. The actual check this invoked was in Member::onChangeGroups.
Thanks to Florian Thoma for reporting.