Hi @paulo.alves. Have you found a solution?
This allows for privilege escalation, where a user can get the token from an administrator and make a call to the endpoint without being an administrator using Postman or similar.
Thanks,
Jerry
Hi @jerry.laster,
We are checking the user permissions for every single service using the Atlassian REST API.
Best,
Paulo Alves.
Hi @paulo.alves,
Which service are you using?
I used this and expanded operations and got an administer operation.