Discussion Forum

timbuckingham

Administrator

From: Baltimore, MD

Registered: April 2, 2012

Posts: 978

Security Advisory for BigTree 4.1.4 and BigTree 4.0.8 and lower.

A vulnerability exists in the updateUser (and potentially createUser through type inference) that allows a user with Administrator level access to escalate his or her level (or another user's level) to Developer status.

BigTree 4.0.9 and 4.1.5 fix this vulnerability and are recommended for all users of the relevant branches.