User can remove any member from the workspace
October 3, 2019
|Reported at||October 1, 2019|
|Weakness||CWE 284 - Improper Access Control|
A regular user can remove the target user from any workspace the target user is a member of, even if they are not in the same workspace at all. The third user who is not part of the same workspace as the target user successfully could remove the target user from the workspace where the target user was a regular member.