Edit Policy restriction does not prevent comments.
Medium
Vulnerability Details
- Change the edit policy of a Maniphest Task
- Attempt to comment on the the task with a user who doesn't have access
## Impact
Given a few users I spoke to believe restricting the edit policy blocks comments, This allows an underpriveleged user to gain access to carry out a restrcited action.
(Mongoose)
Actions
View on HackerOneReport Stats
- Report ID: 923759
- State: Closed
- Substate: informative
- Upvotes: 3