Closed ProgrammerDan closed 8 years ago
Currently Link is only checking subgroup permission: https://github.com/Civcraft/NameLayer/blob/master/NameLayerMain/src/vg/civcraft/mc/namelayer/command/commands/LinkGroups.java#L63
This means that a MEMBER on a group could "link" a group on which he's OWNER. This will cause issues, and is the source of a trivial exploit to functionally elevate one's own permissions.
Fixed with https://github.com/Civcraft/NameLayer/pull/191
Maxopoly
commented
8 years ago
Currently Link is only checking subgroup permission: https://github.com/Civcraft/NameLayer/blob/master/NameLayerMain/src/vg/civcraft/mc/namelayer/command/commands/LinkGroups.java#L63
This means that a MEMBER on a group could "link" a group on which he's OWNER. This will cause issues, and is the source of a trivial exploit to functionally elevate one's own permissions.