Non-privileged user is able to approve his own app himself, leading to mass privilege escalations.
High
Lark Technologies
Team Summary
Official summary from Lark Technologies
A privilege escalation vulnerability was identified in Lark which could have potentially allowed an attacker to approve the apps in the same tenant by bypassing the admin approval. We thank @imran_nisar for reporting this to our team.
Reported by: imran_nisar
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Privilege Escalation