hyperswitch-control-center icon indicating copy to clipboard operation
hyperswitch-control-center copied to clipboard

Published 20 hours ago verified publisher icon juspay

[BUG] Customer Support role user has full access to connectors

Open whiteagle3k opened this issue 6 months ago • 0 comments

Bug Description

Summary

Customer Support role user has full access to connectors, being able to see the configured API keys, enable/disable, update details.

PoC

Just access with CS role user to the "Processors" area

Impact

Connector api keys are exposed, may lead to misbehave by the not authorized user.

Expected Behavior

Access Forbidden for entire area of "Processors"

Actual Behavior

Providing full access

Steps To Reproduce

Provide an unambiguous set of steps to reproduce this bug. Include code or configuration to reproduce, if relevant.

  1. Go to 'Processors' with CS role

Context For The Bug

No response

Have you spent some time checking if this bug has been raised before?

  • [X] I checked and didn't find a similar issue

Have you read the Contributing Guidelines?

Are you willing to submit a PR?

None

whiteagle3k avatar Jan 10 '24 16:01 whiteagle3k