Bug: Nitro Booster role has admin permissions
RéponduOccasionally, when a person uses a Nitro Server Boost, the Nitro Booster role is generated with permissions different from the @everyone role, sometimes resulting in the role gaining administrator status.
Occurrence 1 (heard second-hand):
- A Nitro user boosted a server.
- Their name appeared in channels for which they previously did not have read permissions.
- Nitro Booster role was edited to remove those permissions.
As far as I can tell, they were the first to boost in that server.
Occurrence 2 (experienced first-hand):
- A user with an admin-style role boosted a server.
- I boosted the same server.
- I found out nearly 24 hours later that I had kick / ban privileges.
- I found that I had Server Settings available, so checked the Nitro Booster role.
- The Nitro Booster role had Administrator privileges checked.
- I informed the admins and they properly reset the permissions.
Note: The Nitro Booster permissions did not match the permissions of the role of the one who first boosted the server. When I viewed, the other user's role had Administrator, Kick, and Ban privileges all checked. Nitro Booster, however, had Aministrator checked, and Kick and Ban unchecked. (I didn't view all privileges, just enough to notice the distinction.)
This could be a pretty major security issue and should be addressed ASAP if possible.
-
Commentaire officiel
Hi, sorry you're having this problem. If you'd like help in troubleshooting your issue, please fill out this form: https://dis.gd/contact However, since this website is for suggestions on new features to add to Discord I'm closing out this ticket as invalid.
Cette publication n’accepte pas de commentaire.
Commentaires
1 commentaire