CVE-2023-45228

The application suffers from improper access control when editing users.
A user with read permissions can manipulate users, passwords, and
permissions by sending a single HTTP POST request with modified
parameters.

Source: CVE-2023-45228