Security vulnerability in the Level Up extension

rajyraman / Levelup-for-Dynamics-CRM

Chrome, Edge Chromium and Firefox Extension for Dynamics CRM/365/Power Apps Power users

MIT License

195 stars 69 forks source link

Security vulnerability in the Level Up extension #239

Open adilsonassumpcao opened 1 year ago

adilsonassumpcao commented 1 year ago

Dear,

I hope you well, and safe!

I need help with the Level Up extension.

Here at the company, we have identified that an end user has installed the Level Up extension on his machine, and even without administrative access rights but, he is able to use the extension normally... including God Mode.

I need help trying to block the use of the extension for users who are not Dynamics 365 administrators.

Can you help me?

Best regards,

Adilson Assumpção

wahahababaozhou commented 1 year ago

I have the same question

BetimBeja commented 1 year ago

I can help you guys... LevelUp for Dynamics is just an extension which executes Javascript code. Every user can execute the same code without having the extension installed from their browser. This means that the "vulnerability" is in your system and not in the extension.