Unauthorized Post Creation Across Organizations #1959
Comments
I'd like to work on this issue.
Been busy working on PalisadoesFoundation/talawa-admin#1676; will take up #1959 soon.
This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.
Unassigning, no activity
Can I work on this? @palisadoes @Cioppolo14
@SiddheshKukade Please assist with the plugin question
After searching a bit, I found a mutation named
There is a mutation called blockPluginCreationBySuperAdmin, and I feel after the userType merge, it has been handled.
As the name suggests, it can only be done by
Describe the bug
I observed that changing the organizationId parameter allows a user to create a post in an organization to which they do not belong. This behavior poses a security risk as it allows unauthorized access to post creation across different organizations.
To Reproduce
Steps to reproduce the behavior:
createpost_owatu8Yf.mp4
Screenshots
If applicable, add screenshots to help explain your problem.
Additional details
Add any other context or screenshots about the feature request here.
Potential internship candidates
Please read this if you are planning to apply for a Palisadoes Foundation internship PalisadoesFoundation/talawa#359
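The missing check this report describes, as an added example that is not taken from the Talawa code base: a post-creation handler that trusts the client-supplied organizationId, next to one that verifies membership first. The in-memory store, the function names, the `ctx.userId` field and the "members only" rule are assumptions made for illustration.

```javascript
// Constructed sample data: hypothetical organizations and their members.
const organizations = new Map([
  ["org-a", { members: new Set(["alice"]) }],
  ["org-b", { members: new Set(["bob"]) }],
]);
const posts = [];

class AuthorizationError extends Error {}

// Before: the handler trusts the organizationId sent by the client,
// so any authenticated user can post into any organization.
function createPostUnchecked(ctx, { organizationId, text }) {
  const post = { organizationId, creatorId: ctx.userId, text };
  posts.push(post);
  return post;
}

// After: the organizationId is accepted only if the authenticated user
// (ctx.userId, set server-side from the session or token, never from the
// request body) is a member of that organization.
function createPostChecked(ctx, { organizationId, text }) {
  if (!ctx.userId) throw new AuthorizationError("not authenticated");
  const org = organizations.get(organizationId);
  // Same error for "no such organization" and "not a member", so the
  // response does not reveal which organization ids exist.
  if (!org || !org.members.has(ctx.userId)) {
    throw new AuthorizationError("not authorized for this organization");
  }
  const post = { organizationId, creatorId: ctx.userId, text };
  posts.push(post);
  return post;
}

// Runs a handler and reports whether the post was created or denied.
function attempt(handler, ctx, args) {
  try {
    handler(ctx, args);
    return "created";
  } catch (err) {
    if (err instanceof AuthorizationError) return "denied";
    throw err;
  }
}

const alice = { userId: "alice" };
const crossOrg = { organizationId: "org-b", text: "hello" };
console.log("unchecked, alice -> org-b:", attempt(createPostUnchecked, alice, crossOrg));
console.log("checked,   alice -> org-b:", attempt(createPostChecked, alice, crossOrg));
```

A regression test for this issue would send the same request as a non-member and assert that it is denied and that no post record was written.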