[Security] Log out only deletes browser cookies #4336

Closed
1 of 7 tasks
ghost opened this issue Jun 28, 2018 · 2 comments
Labels
topic/security Something leaks user information or is otherwise vulnerable. Should be fixed!

Comments

ghost commented Jun 28, 2018

  • Gitea version (or commit ref): all
  • Git version: not relevant
  • Operating system: not relevant
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant
  • Log gist:

Description

Screenshots

@ghost ghost changed the title Log out only deletes cookies [Security] Log out only deletes cookies Jun 28, 2018
@ghost ghost changed the title [Security] Log out only deletes cookies [Security] Log out only deletes browser cookies Jun 28, 2018
@techknowlogick techknowlogick added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Jun 28, 2018
Member

axifive commented Jun 29, 2018

@cezar97, thank you for the Gitea security research; this is extremely important for the further successful development of the project.
I eventually reproduced this problem. It was necessary to log in with the Remember Me checkbox checked. And after analysis, the problem turned out to be more serious than it seemed.

Member

lafriks commented Jul 3, 2018

@cezar97 not to be picky, but I did respond to your reports. It's just that we all (including the Gitea Team) here are voluntary developers working in our free time, so not everything can be done as fast as we would like. We still have to do our daily work to get money :) Anyway, we are thinking of a way to get the word out about reported security issues to more Gitea maintainers.

@lunny lunny closed this as completed Dec 21, 2021
@go-gitea go-gitea locked and limited conversation to collaborators Apr 28, 2022