SS-2018-001: Privilege Escalation Risk in Member Edit form
- Low (?)
- Versions Affected:
- silverstripe/cms:^3.5.7, silverstripe/cms:^3.6, silverstripe/admin:^4.0
- Versions Fixed:
- silverstripe/cms:3.5.8, silverstripe/cms:3.6.6, silverstripe/admin:4.0.4, silverstripe/admin:4.1.1
- Release Date:
A member with the permission EDIT_PERMISSIONS and access to the "Security" section is able to re-assign themselves (or another member) to ADMIN level.
CMS Fields for the member are constructed using DirectGroups instead of Groups relation which results in bypassing security logic preventing privilege escalation.
Reported by: Worik Stanton