CVE-2024-0439
Severity:
HIGH
Type:
CWE-269
Improper Privilege Management
Publication date:
26/02/2024
Last modified:
26/02/2024
Description
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request<br />
<br />
While this is not a critical vulnerability, it does indeed need to be patched to enforce the expected permission level.
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH