GHSA-vmr3-wr3f-xmpw
GitHub Security Advisory
⚠ Unreviewed
HIGH
Has CVE
Advisory Details
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request
While this is not a critical vulnerability, it does indeed need to be patched to enforce the expected permission level.
Related CVEs
Key Information
7.5
/10
Dataset
Last updated: July 9, 2025 6:27 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.