So, is there a scenario where this bug can be used to gain access that wouldn't be allowed otherwise ? It seems like even though the user can impersonate admin username, it still keeps his user id and authorizations.
So, is there a scenario where this bug can be used to gain access that wouldn't be allowed otherwise ?
It seems like even though the user can impersonate admin username, it still keeps his user id and authorizations.