Sub-Dept User Can Add User's To Main Department.
Medium
L
Lark Technologies
Submitted None
Team Summary
Official summary from Lark Technologies
A vulnerability was found where users with permissions to manage the user section can add others outside of their department by changing the value of "department_id" to an empty value. We thank @imran_nisar for reporting this to our team.
Actions:
Reported by
imran_nisar
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Improper Privilege Management