A user is capable of assigning him/herself to arbitrary...
High severity
Unreviewed
Published
Aug 4, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Aug 3, 2023
Published to the GitHub Advisory Database
Aug 4, 2023
Last updated
Apr 4, 2024
A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges.
References