connect.8x8.com: deactivated users retain access to /api/v1/users/UUID/roles
High
8
8x8 Bounty
Team Summary
Official summary from 8x8 Bounty
@emperor & @sharp488 reported to us a scenario where deactivated users retain access to `/api/v1/users/UUID/roles` within their own tenant. Our team utilised the insights from this report to work on additional access control protections, which resolved the reported issues.
Reported by: emperor
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Improper Access Control - Generic