marzneshin icon indicating copy to clipboard operation
marzneshin copied to clipboard

Published 20 hours ago verified publisher icon khodedawsh

[BUG] non sudo admins can view service users count

Open m0x61h0x64i opened this issue 6 months ago • 0 comments

Current Behavior

by sending a GET request to [/api/services] as a non sudo admin u will notice that userIds of other admins are shown there. not a security issue but non sudo admin is not allowed to see other admins userIds or total service userIds

image

Expected Behavior

No response

Steps To Reproduce

No response

Screenshots

No response

Environment

Version: v0.4.0

Additional Context

No response

m0x61h0x64i avatar Aug 07 '24 09:08 m0x61h0x64i