Description
The cleanupOrphaned command calls into RangeDeleterDBEnv::deleteRange, which calls cc().getAuthorizationSession()->grantInternalAuthorization().
This means that anyone with permission to run cleanupOrphaned can get privilege escalation because all they need to do is run cleanupOrphaned and now they are authenticated as the internal user, with full access to the system.