Tonight we had a player who had no admin permissions nor did he have any elevated job roles set his job to police boss.
is anyone aware of a current vulnerability in the police job script or ESX extended which is causing this issue? Or is there possibly a larger vulnerability within FiveM?
We have two suspected players now who have managed to become police chief and in both cases fired the rest of the staff. As an admin I was able to correct their actions but it is concerning that they were able to become police chief in the first place.
They are likely not making themselves bosses, but instead are triggering client events to open the boss menu, since ESX_PoliceJob does not check this client side.