Closed (outdated)
Project:
Invite
Version:
6.x-2.x-dev
Component:
Code
Priority:
Major
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
20 Jan 2012 at 16:26 UTC
Updated:
14 May 2020 at 22:54 UTC
Jump to comment: Most recent
Recently we had a near-miss security disaster due to the fact that the invite module's default behaviour is to assign the role of the inviter to the invitee. We had all users invited to our site by our developers with full admin access!
Comments
Comment #1
mdupontThat's an issue of the Invite module then.
Comment #2
ryan osītis commented