Comment 4 for bug 1349491

Thierry Carrez (ttx) wrote : Re: Persistent XSS in the Host Aggregates interface

One question here is whether there is such a thing as a "malicious administrator", and if that vulnerability really elevates privileges or gives the attacker information/rights he can't otherwise access. My understanding is that the admin user already has access to most of the assets mentioned? Is this vulnerability giving him any extra access? Like being able to impersonate users by stealing their creds?