Ok - I played with this a little more locally and I don't think we have a true security vulnerability. I checked all of this with domain administrators and the filtering from the request is accounted for in authorization.
I think we're safe to open this up as a public filtering issue with the v3/role_assignments API.
Ok - I played with this a little more locally and I don't think we have a true security vulnerability. I checked all of this with domain administrators and the filtering from the request is accounted for in authorization.
I think we're safe to open this up as a public filtering issue with the v3/role_assignments API.
https:/ /gist.github. com/lbragstad/ df576b7552b751f ae16a35aa3c176b 3e