Summary by Dropbox
This report demonstrated a privilege escalation in which an attacker that already had the ability to invite users to join a team could replace the team owner. An attacker could exploit this vulnerability by modifying an invitation. A fix for the issue has been released and it was applied for existing users through an automatic update.