Version Information
dev
Hashcat
No response
Description
at the edit wordlist page(http://localhost:4200/#/files/100/wordlist-edit). I can select accessgroups that my user is not part of. Even worse, the API will accept the patch request and allow this, so this also needs validation at the API side. This should be solved by checking the permissions in the file utils.
And while creating a task, i can select files from accessgroups i am not part of.
Version Information
dev
Hashcat
No response
Description
at the edit wordlist page(http://localhost:4200/#/files/100/wordlist-edit). I can select accessgroups that my user is not part of. Even worse, the API will accept the patch request and allow this, so this also needs validation at the API side. This should be solved by checking the permissions in the file utils.
And while creating a task, i can select files from accessgroups i am not part of.