octoprint is vulnerable to privilege escalation. The vulnerability exists in get_additional_permissions
function of __init__.py
because the plugin manager role based list permission is not properly restricted which allows a low privileged user with read-only access to modify the admin environment.