Verified. This is a critical issue as it allows any authenticated user to escalate to admin privileges. However, it is mitigated somewhat by the fact that the attacker needs to know or guess the UUID of the admin user and admin project, or the UUIDs of the user and project they are trying to impersonate.
Verified. This is a critical issue as it allows any authenticated user to escalate to admin privileges. However, it is mitigated somewhat by the fact that the attacker needs to know or guess the UUID of the admin user and admin project, or the UUIDs of the user and project they are trying to impersonate.