[GH-ISSUE #1218] Users are affected by organization policies from orgs they are not in #17634

New Issue

Closed

opened 2026-04-25 19:53:58 -05:00 by GiteaMirror · 1 comment

GiteaMirror commented 2026-04-25 19:53:58 -05:00

Owner

Copy Link

Originally created by @aveao on GitHub (Nov 7, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1218

Subject of the issue

Organization policies are (incorrectly) applied to users that are not part of them

Your environment

• Bitwarden_rs version:
  Server Installed Ok
  1.17.0
  Server Latest
  1.17.0
  Web Installed Ok
  2.16.1
  Web Latest
  2.16.1

• Install method: Docker

• Clients used: Web and Browser

• Other relevant information: None

Steps to reproduce

• Create two users, user A and B
• Have user A create an org A
• Have user A place an org policy on org A
• Notice that user B also has these policies applied:

Expected behaviour

Only user A (and other members of this organization) should have these policies

Actual behaviour

All users are affected by these policies

Relevant logs

Originally created by @aveao on GitHub (Nov 7, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1218 ### Subject of the issue Organization policies are (incorrectly) applied to users that are not part of them ### Your environment * Bitwarden_rs version: Server Installed Ok 1.17.0 Server Latest 1.17.0 Web Installed Ok 2.16.1 Web Latest 2.16.1 * Install method: Docker * Clients used: Web and Browser * Other relevant information: None ### Steps to reproduce - Create two users, user A and B - Have user A create an org A - Have user A place an org policy on org A - Notice that user B also has these policies applied: ### Expected behaviour Only user A (and other members of this organization) should have these policies ### Actual behaviour All users are affected by these policies ### Relevant logs     

GiteaMirror closed this issue 2026-04-25 19:53:59 -05:00

GiteaMirror commented 2026-04-25 19:53:59 -05:00

Author

Owner

Copy Link

@aveao commented on GitHub (Nov 7, 2020):

We've both verified this on a test instance and had this be done to our public instance by a rogue-seeming user. We are unable to delete the rogue organization and user directly through bitwarden_rs due to #936.

<!-- gh-comment-id:723490672 --> @aveao commented on GitHub (Nov 7, 2020): We've both verified this on a test instance and had this be done to our public instance by a rogue-seeming user. We are unable to delete the rogue organization and user directly through bitwarden_rs due to #936.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.36.0

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

better for forum

bug

documentation

duplicate

enhancement

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

SSO

Third party

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#17634