summaryrefslogtreecommitdiffstats
path: root/web/lib/aur.inc.php
diff options
context:
space:
mode:
authorcanyonknight <canyonknight@gmail.com>2012-11-29 22:54:30 +0100
committerLukas Fleischer <archlinux@cryptocrack.de>2012-11-29 23:23:12 +0100
commitec332bb7e6fcc589fb4c2cd3f4955768418feaeb (patch)
tree711255e2e58daea2d7817a3e9026d219cefc519d /web/lib/aur.inc.php
parent87fe4701cd2e84c70c080eade1c2a0f1ffa3c6d9 (diff)
downloadaur-ec332bb7e6fcc589fb4c2cd3f4955768418feaeb.tar.gz
aur-ec332bb7e6fcc589fb4c2cd3f4955768418feaeb.tar.xz
Fix account privilege escalation vulnerability
A check is only done to verify a Trusted User isn't promoting their account. An attacker can send tampered account type POST data to change their "User" level account to a "Developer" account. Add check so that all users cannot increase their own account permissions. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib/aur.inc.php')
0 files changed, 0 insertions, 0 deletions