Levelup-for-Dynamics-CRM icon indicating copy to clipboard operation
Levelup-for-Dynamics-CRM copied to clipboard

Published 20 hours ago verified publisher icon rajyraman

Security vulnerability in the Level Up extension

Open adilsonassumpcao opened this issue 2 years ago • 2 comments

Dear,

I hope you well, and safe!

I need help with the Level Up extension.

Here at the company, we have identified that an end user has installed the Level Up extension on his machine, and even without administrative access rights but, he is able to use the extension normally... including God Mode.

I need help trying to block the use of the extension for users who are not Dynamics 365 administrators.

Can you help me?

Best regards,

Adilson Assumpção

adilsonassumpcao avatar Nov 22 '22 20:11 adilsonassumpcao

I have the same question

wahahababaozhou avatar Feb 24 '23 08:02 wahahababaozhou

I can help you guys... LevelUp for Dynamics is just an extension which executes Javascript code. Every user can execute the same code without having the extension installed from their browser. This means that the "vulnerability" is in your system and not in the extension.

BetimBeja avatar Feb 24 '23 08:02 BetimBeja