Hi,

My organization pen-tested a Guacamole instance (version 1.5.3).
One of the findings is related to "OWASP – Broken Access Control"
http://www.owasp.org/index.php/Broken_Access_Control

When the user group is configured without any permissions, the user should
be able to execute connections without rights to view connection
parameters.
When I open the following paths, being just part of a group without
permissions, I can view the connection details. I'm not able to modify it.
Is it a bug or a feature?
/#/manage/mysql/connectionGroups/1
/#/manage/mysql/connections/
/#/manage/mysql/connectionGroups/

Guacamole 1.5.3
Running as a service on Ubuntu 22.04.
SAML integration with Azure AD
