Unprivileged User with Read/Write permission to `User Access` can escalate their role to ADMIN — Privilege Escalation

  • Summary:
  • Description:
Role edit request
I changed the roleId to ADMIN

CVSS:

Web Security, 19, https://hackerone.com/ertugrul?type=user

Ertugrul Ozdemir