As a manager, you should not be able to modify a series...
High severity
Unreviewed
Published
Feb 26, 2024
to the GitHub Advisory Database
•
Updated Feb 26, 2024
Description
Published by the National Vulnerability Database
Feb 26, 2024
Published to the GitHub Advisory Database
Feb 26, 2024
Last updated
Feb 26, 2024
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request
While this is not a critical vulnerability, it does indeed need to be patched to enforce the expected permission level.
References