What Happened

The `DELETE /workspaces/{workspace_id}/members/{user_id}` endpoint in praisonai-platform is vulnerable to authorization bypass, allowing any member to remove any other member, including the workspace owner.

Who Is Affected

Users of praisonai-platform are affected by this vulnerability.

Severity & Impact

The severity of this vulnerability is high, with a CVSS score of 8.1. An attacker can use this vulnerability to permanently lock the legitimate owner out of their own workspace.

Mitigation

The suggested fix replaces the `require_workspace_member` dependency on this endpoint with `_require_workspace_owner`, so that only workspace owners can remove members, and adds a check that prevents removing the last owner, so a workspace can never be left without one.
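The following is an added, self-contained illustration of the two checks the mitigation describes; it is not code from praisonai-platform. The in-memory `Workspace` model, the `owner`/`member` role names and the handler functions are assumptions; the dependency names `require_workspace_member` and `_require_workspace_owner` mirror the ones named in the advisory. The vulnerable handler gates only on membership, the hardened one gates on ownership and refuses to delete the last owner.

```python
"""Authorization checks for a "remove workspace member" operation.

Constructed example based on the advisory's description; not project code.
The workspace model, role names and function names are assumptions.
"""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the operation."""


class LastOwnerError(Exception):
    """Raised when an operation would leave the workspace with no owner."""


@dataclass
class Workspace:
    workspace_id: str
    # user_id -> role; roles are "owner" or "member" (assumed role model)
    members: dict = field(default_factory=dict)

    def owners(self) -> set:
        return {uid for uid, role in self.members.items() if role == "owner"}


def require_workspace_member(ws: Workspace, actor: str) -> None:
    """Weak gate: any current member passes (the vulnerable dependency)."""
    if actor not in ws.members:
        raise Forbidden(f"{actor} is not a member of {ws.workspace_id}")


def _require_workspace_owner(ws: Workspace, actor: str) -> None:
    """Strong gate: only owners pass (the dependency the fix switches to)."""
    if ws.members.get(actor) != "owner":
        raise Forbidden(f"{actor} is not an owner of {ws.workspace_id}")


def remove_member_vulnerable(ws: Workspace, actor: str, target: str) -> None:
    """Before the fix: membership is the only check, so an ordinary member
    can remove anyone, including the owner."""
    require_workspace_member(ws, actor)
    ws.members.pop(target, None)


def remove_member_hardened(ws: Workspace, actor: str, target: str) -> None:
    """After the fix: the caller must be an owner, and the last remaining
    owner can never be removed, so the workspace is never left ownerless."""
    _require_workspace_owner(ws, actor)
    if target not in ws.members:
        raise KeyError(f"{target} is not a member of {ws.workspace_id}")
    if ws.members[target] == "owner" and ws.owners() == {target}:
        raise LastOwnerError("cannot remove the last owner of the workspace")
    del ws.members[target]


def attempt(fn, ws: Workspace, actor: str, target: str) -> str:
    """Run one removal and report the outcome as a short label."""
    try:
        fn(ws, actor, target)
    except Forbidden:
        return "forbidden"
    except LastOwnerError:
        return "last-owner"
    return "removed"


def make_workspace() -> Workspace:
    """Constructed sample workspace: one owner and two ordinary members."""
    return Workspace("ws-1", {"alice": "owner", "bob": "member", "carol": "member"})


if __name__ == "__main__":
    # A plain member tries to remove the owner under each handler.
    print("vulnerable:", attempt(remove_member_vulnerable, make_workspace(), "bob", "alice"))
    print("hardened:  ", attempt(remove_member_hardened, make_workspace(), "bob", "alice"))
    # The sole owner tries to remove themselves under the hardened handler.
    print("last owner:", attempt(remove_member_hardened, make_workspace(), "alice", "alice"))
```

In a web framework the two `require_*` functions would be the route's dependency or decorator; the point of the fix is that the ownership gate runs before any member is touched, and the last-owner guard is checked against the stored roles rather than the caller's claim.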