[Django] #29110: A user with change_permission for the User model can make themselves a superuser.

[Django]

#29110: A user with change_permission for the User model can make themselves a
superuser.
----------------------------------------------+------------------------
Reporter: Jonathan Sundqvist | Owner: nobody
Type: Bug | Status: new
Component: contrib.admin | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
----------------------------------------------+------------------------
The expected behaviour is that only a superuser should be able to make
others a superuser. The current behaviour is that you only need a
change_permission on the user table to get superuser access.

--
Ticket URL: <https://code.djangoproject.com/ticket/29110>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

[Django]

#29110: A user with change_permission for the User model can make themselves a
superuser.

------------------------------------+--------------------------------------

Reporter: Jonathan Sundqvist | Owner: nobody

Type: Bug | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: duplicate

Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

------------------------------------+--------------------------------------
Changes (by Ramiro Morales):

* status: new => closed
* resolution: => duplicate

Comment:

Duplicate of #23559

--
Ticket URL: <https://code.djangoproject.com/ticket/29110#comment:1>