Fixed Any admin can export user data

Kirby

Well-known member
Affected version
2.0.6a
Steps to reproduce
  1. Create a new admin but do not assign any admin permissions
  2. Log into backend with the newly created admin
Expected Result
The account does not see any navigational links except Tools.
When accessing data-portability/export, an error is being shown that the user does not have enough permissions.

Actual Result
The account does not see any navigational links except Tools.
When accessing data-portability/export via direct URL, the data export form is being shown and I can successfully export any user.

This seems a serious issue to me as it basically allows any admin to get access to sensitive user data.
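
The gap reported above (navigation hides the link, but the route itself performs no permission check) can be caught by a regression check that requests every admin route directly as an admin with no permissions. The following is an added example, not part of the original post and not the product's code; the route table, the `user` permission name and all function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Admin:
    name: str
    permissions: frozenset = frozenset()

# Constructed route table: route -> admin permission the handler requires.
# None means the handler declares no permission check at all.
ROUTES = {
    "tools": None,                    # meant to be open to every admin
    "users/list": "user",             # hypothetical route and permission
    "data-portability/export": None,  # models the reported gap
    "data-portability/import": "user",
}
# Routes that are deliberately reachable by any admin.
OPEN_TO_ALL_ADMINS = {"tools"}

class Forbidden(Exception):
    pass

def dispatch_vulnerable(admin, route):
    """Checks a permission only when the handler happens to declare one."""
    required = ROUTES[route]
    if required is not None and required not in admin.permissions:
        raise Forbidden(route)
    return f"200 {route}"

def dispatch_hardened(admin, route):
    """Deny by default: an undeclared route fails closed unless allow-listed."""
    required = ROUTES[route]
    if required is None:
        if route not in OPEN_TO_ALL_ADMINS:
            raise Forbidden(route)
    elif required not in admin.permissions:
        raise Forbidden(route)
    return f"200 {route}"

def reachable_without_permissions(dispatch):
    """Request every route by direct URL as an admin with no permissions."""
    bare_admin = Admin("new-admin")
    reachable = []
    for route in sorted(ROUTES):
        try:
            dispatch(bare_admin, route)
            reachable.append(route)
        except Forbidden:
            pass
    return reachable
```

With the hardened dispatcher, a route whose handler declares no permission is refused to everyone until a permission is declared for it or it is explicitly allow-listed, so a forgotten check surfaces as a visible error rather than as silent exposure.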
 