Incorrect access control in the impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes.
https://gist.github.com/pyuysig/68754e4c40161ea27fcf80be46c59e7c