Vertical Privilege Escalation in praisonai-platform via PATCH /workspaces/{id}/members/{user_id}
A critical vulnerability was discovered in the praisonai-platform, allowing any workspace member to promote themselves or others to an owner via the PATCH /workspaces/{id}/members/{user_id} endpoint. This is due to insufficient role checks and improper use of the require_workspace_member dependency in the route.