Comment 13 for bug 1873290

Jeremy Stanley (fungi) wrote : Re: OAuth1 request token authorize silently ignores roles parameter

Gage's impact description in comment #11 seems fine to me; we should proceed with a CVE request for this.

Given that exploitation is limited to trusted users and needs someone with the desired permissions to at least issue an OAuth1 token, the risk of continuing discussion in public seems limited. How does everyone feel about switching to a public workflow for this report?