casdoor / casdoor

An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, RADIUS, Google Workspace, Active Directory and Kerberos
https://casdoor.org
Apache License 2.0

Admin any org can get tokens or cert from another org #3003

Open ISulimanov opened 2 weeks ago

ISulimanov commented 2 weeks ago

In theory, an org admin has access only to his own organization, but via api/get-tokens?owner=admin or api/get-global-certs?owner=admin he can get tokens or certs (not shared) from another org.
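The tenant-scoping check this report says is missing, as an added example that is not part of the original issue and is not Casdoor's code. The `Record` and `Caller` types, the `Shared` flag, the function names and the org names are assumptions made for illustration.

```go
package main

import "fmt"

// Hypothetical model (assumption, not Casdoor's real types): tokens or certs
// are stored under one owner value and carry the organization they belong to.
type Record struct {
	Owner        string
	Name         string
	Organization string
	Shared       bool // assumption: shared records are visible to every org
}

type Caller struct {
	Organization  string
	IsGlobalAdmin bool
}

// listByOwner trusts the owner query parameter alone, the pattern the report
// describes: owner=admin returns every organization's records.
func listByOwner(records []Record, owner string) []Record {
	var out []Record
	for _, r := range records {
		if r.Owner == owner {
			out = append(out, r)
		}
	}
	return out
}

// listScoped adds tenant scope taken from the session, never from the request.
func listScoped(c Caller, records []Record, owner string) []Record {
	var out []Record
	for _, r := range listByOwner(records, owner) {
		if c.IsGlobalAdmin || r.Shared || r.Organization == c.Organization {
			out = append(out, r)
		}
	}
	return out
}

var sample = []Record{ // constructed sample data
	{"admin", "token-a", "org-a", false},
	{"admin", "token-b", "org-b", false},
	{"admin", "cert-shared", "org-b", true},
}

func main() {
	fmt.Println(len(listScoped(Caller{Organization: "org-a"}, sample, "admin")))
}
```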

casbin-bot commented 2 weeks ago

@tangyang9464 @JalinWang @imp2002