Privilege Escalation to All-staff group
Medium
L
Lark Technologies
Submitted None
Team Summary
Official summary from Lark Technologies
A vulnerability was found where invited admins with only Company Info permissions were able to modify Staff group settings, including edit / access / delete all-staff, within the members and orgs tab. We thank @snapsec for reporting this to our team.
Actions:
Reported by
imran0x01
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Improper Access Control - Generic