Program admins could add verified domains to an organization

in hackerone according to the documentation https://docs.hackerone.com/en/articles/8490190-domain-verification only an organization admin could add verified domain .but there is an bypass. steps to reproduce: 1. create an sandbox 2.remove org admin permission(you must add program admin permission before removing org admin) 3. go to the url https://hackerone.com/<program you are admin of>/domain_ownerships/new 4.from there you will be able to add verified domain in the org ## Impact access of restricted feature privilage escalation