Users can create groups without being allowed to via GitHub import
- Title: Users can create groups without being allowed to
- Types: Privilege Escalation
- Link: https://hackerone.com/reports/163349
- Date: 2016-08-25 09:32:22 -0500
- By: skylarkelty
If I import from Github, it takes the username as a group name. This means if I create any user in Github with the group name I want, I can then import a blank project from this user and the group is created for me! Our admins don't like this.