[Koha-bugs] [Bug 23634] Privilege escalation vulnerability for staff users with 'edit_borrowers' permission and 'OpacResetPassword' enabled
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Sep 3 10:25:49 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23634
--- Comment #76 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
I agree with this followup.. it makes a lot of sense to enforce a boolean
return as aposed to leaking the hash as has_permission does.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list