Unauthorized user granting access to Apps during new user creation
Users without editor access to Apps could still create new users and grant them App access.
Affected Versions: 2.6, 2.6.1
Fix Version: 2.7
Root cause(s)
During the recent enhancements in version 2.6 related to redesigning user access control in Apps, a validation step to verify user access for the App before granting permissions was inadvertently missed.
Impact
Any user with permission to create new users could grant access to Apps that they themselves do not have access to.
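The missing validation described under Root cause, sketched as an added example that is not Amorphic's code: the flawed create-user flow next to one that checks the caller's own App access before granting. All names (`User`, `create_user_checked`, the `editor` level string, the App ids) are hypothetical, and the sample data is constructed.

```python
# Added illustration; every name here is hypothetical, not Amorphic's API.
from dataclasses import dataclass, field

EDITOR = "editor"  # assumed name of the access level that may share an App


class GrantDenied(Exception):
    """Raised when the caller tries to grant App access they do not hold."""


@dataclass
class User:
    name: str
    can_create_users: bool = False
    app_access: dict = field(default_factory=dict)  # app_id -> access level


def create_user_unchecked(caller, name, app_grants):
    """The flawed shape: only the create-user permission is verified."""
    if not caller.can_create_users:
        raise GrantDenied(f"{caller.name} may not create users")
    return User(name, app_access=dict(app_grants))


def create_user_checked(caller, name, app_grants):
    """Same flow plus the per-App validation the root cause says was missed."""
    if not caller.can_create_users:
        raise GrantDenied(f"{caller.name} may not create users")
    # Validate every requested grant before creating anything, so a rejected
    # request leaves no partially provisioned user behind.
    denied = sorted(app for app in app_grants
                    if caller.app_access.get(app) != EDITOR)
    if denied:
        raise GrantDenied(f"{caller.name} lacks editor access to: {denied}")
    return User(name, app_access=dict(app_grants))


# Constructed sample data: alice edits one App and merely views another.
alice = User("alice", can_create_users=True,
             app_access={"app-reports": EDITOR, "app-billing": "viewer"})
```

A regression test for this class of bug should assert that the checked path rejects the whole request when any single requested App fails the check, not only that it accepts valid grants.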
Mitigation
Fix available
Fix is available in Amorphic version 2.7. Please upgrade to the latest version to resolve this issue.
Timeline
gantt
title Timeline
dateFormat YYYY-MM-DD
tickInterval 1day
axisFormat %b-%d
todayMarker off
section Tracker
%% update the ticket number and date of bug report
CLOUD-5003: done, 2024-10-13, 0d
section Identification
Reported: crit, des1, 2024-10-14, 0d
section Mitigation
%% Update number of days took for each step below
Bug Fixed: crit, done, 2024-10-14, 0d
section Delivery
%% update the date of each step below
testing complete: milestone, 2024-10-14, 0d
fix available: milestone, 2024-10-14, 0d
- 2024-10-13: Bug reported/identified (CLOUD-5003)
- 2024-10-14: Bug triaged
- 2024-10-14: Bug fixed
- 2024-10-14: Testing completed
- 2024-10-14: Version 2.7 released with the fix