Impact
A permission check fails and allows people to edit bots, servers and templates that they don't own and shouldn't have permission to edit.
Patches
This problem was fixed in version 5.0.1-Release which contained multiple other bug fixes including the security patch for this.
Workarounds
Inside of the project you can do a mass replace for req.user.db.assistant to req.user.db.rank.assistant.
For more information
If you have any questions or comments about this advisory:
carolinaisslaying Coordinator
TheMoksej Analyst
Impact
A permission check fails and allows people to edit bots, servers and templates that they don't own and shouldn't have permission to edit.
Patches
This problem was fixed in version
5.0.1-Releasewhich contained multiple other bug fixes including the security patch for this.Workarounds
Inside of the project you can do a mass replace for
req.user.db.assistanttoreq.user.db.rank.assistant.For more information
If you have any questions or comments about this advisory: