-
Notifications
You must be signed in to change notification settings - Fork 566
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Leaking session / authorization in the urls posted in new comment bodies #649
Comments
darraghoriordan
changed the title
Leaking session authentication in the urls posted in new comment bodies
Leaking session / authorization in the urls posted in new comment bodies
Apr 14, 2023
Did you solve problem? I have still issue too. |
Hey, I didn't. I just removed it from my site. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey,
It looks like the link that is posted in new issue bodies leaks the session of the first commenter?
I can click on that link, and if the person is still logged in to github via utterances, i can post a comment as them.
The link that the bot creates for issue bodies should not include the "utterances=" query string containing the session??
The text was updated successfully, but these errors were encountered: