hi, i want to report a bug in the cf dashboard, under domain registration (is NOT a vulnerability)
could someone from the respective area dm?
3 Replies
Why does it need to be a DM if it's not a vulnerability?
okay, the needed scenario to happen apparently is to have access from the same logging to multiple Accounts (2 or more)
1. Select account A (the order doesn't mater could be random), then go to Domain Registration and the URL will be something like
https://dash.cloudflare.com/{UUID for account A}/domains and will show the lists of domains for user A
2. then either go directly and click the arrow or dropdown in the top of the nab to switch accounts, or keep browsing the User A dashboard and switch later,
3. Now that you are in the Dashboard for User B go again to Domain Registration, and the URL will be https://dash.cloudflare.com/{UUID for account B}/domains but the content will be for the user A, not user B
Apparently its just a bug of the ui that keeps the state, and just doesn't update it properly, but maybe this is happening in another areas when if the state its wrong its not that apparent, maybe keeping the state for account A switching to account B and sending a post request with the intended changes of account B but with the state of account A therefore changing it in the wrong account
it fixes refreshing the websiteI see, I will pass this on to the team, thanks