
Do they by any chance use a CDN for their cloud console? This has burned organizations so many times before where they cache the dynamic data and not static data.



Yep, this would be my guess. Something like "UserID" gets cached per node and suddenly you're seeing the wrong person's data.


I wouldn't expect to be able to administer the resources if this was just a caching issue. Seeing them yes, administer them no. Unless their authx design is tragically bad.


"Full Access" could mean a lot of things. I don't see anything suggesting they could make changes (though I haven't read the entire thread). The user could just assume they have full access because they can see everything.


There was a comment in one of the Reddit threads that someone was able to create a VLAN on someone else's network.


It's hard to be certain while we're just speculating, but a view caching bug could make it _look_ like you're making changes to the other user's console even if they're actually going to your own console.


It could also be caching something that contains a token that can perform other actions. The disparate reports of different pages and being able to navigate make it sound like this is at some API level, not literally caching the console page view.


This is my line of thinking. It's bonkers if that's the case - sign of a completely broken mindset towards auth.


If your login/access token request is cached this could happen. But that may qualify as "tragically bad".
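The failure mode the thread is speculating about, modelled as an added example (not code from the thread or from any vendor): a shared cache node in front of a per-user API, once with an origin that sets no cache directive, once with `Vary: Authorization` as the cache key, and once with `Cache-Control: private, no-store`. Tokens, account data and the API path are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass
class Response:
    body: str
    headers: dict

# Constructed sample accounts: bearer token -> that tenant's data.
ACCOUNTS = {"token-alice": "alice's VLANs", "token-bob": "bob's VLANs"}
API_PATH = "/api/v1/networks"  # constructed path

def leaky_origin(path, req_headers):
    """Per-user response with no cache directive: a shared cache may store it under the path alone."""
    return Response(ACCOUNTS[req_headers["Authorization"]], {})

def vary_origin(path, req_headers):
    """Cacheable, but the cache is told to key on the Authorization header."""
    return Response(ACCOUNTS[req_headers["Authorization"]],
                    {"Cache-Control": "public, max-age=60", "Vary": "Authorization"})

def hardened_origin(path, req_headers):
    """Same data, explicitly marked as never shareable between users."""
    return Response(ACCOUNTS[req_headers["Authorization"]],
                    {"Cache-Control": "private, no-store", "Vary": "Authorization"})

class SharedCache:
    """Minimal model of one CDN edge node keyed on path plus any Vary headers seen for that path."""
    def __init__(self, origin):
        self.origin, self.store, self.vary = origin, {}, {}

    def _key(self, path, req_headers):
        return (path,) + tuple(req_headers.get(h) for h in self.vary.get(path, ()))

    def fetch(self, path, req_headers):
        key = self._key(path, req_headers)
        if key in self.store:
            return self.store[key], "HIT"
        resp = self.origin(path, req_headers)
        cc = resp.headers.get("Cache-Control", "")
        if "private" not in cc and "no-store" not in cc:  # origin did not forbid sharing
            vary = resp.headers.get("Vary", "")
            self.vary[path] = tuple(h.strip() for h in vary.split(",") if h.strip())
            self.store[self._key(path, req_headers)] = resp
        return resp, "MISS"

def what_bob_sees(origin):
    """Alice hits the API through the shared node first, then Bob does; returns Bob's body and cache status."""
    cache = SharedCache(origin)
    cache.fetch(API_PATH, {"Authorization": "token-alice"})
    resp, status = cache.fetch(API_PATH, {"Authorization": "token-bob"})
    return resp.body, status
```

With the leaky origin Bob is served Alice's cached response; keying on `Authorization` or marking the response `private, no-store` both keep each user's data to themselves.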


That was my first thought, it sounds similar to what happened with Klarna[1] a few years ago.

[1] https://news.ycombinator.com/item?id=27301219



