A staff without export customers permissions can still export customers CSV file

Disclosed: 2020-09-15 04:42:29 By ryat To shopify
Unknown
Vulnerability Details
Steps To Reproduce:

1. Login as staff without export customers permissions but with customers permissions.
2. Go to customers pages, you can still export customers CSV file.

{F805311} {F805312} {F805313}

## Impact

A staff without export customers permissions can still export customers CSV file.
Report Stats
  • Report ID: 860197
  • State: Closed
  • Substate: resolved
  • Upvotes: 8