From 534fc2123e40b7517aeaffd709faf72af97ac3b8 Mon Sep 17 00:00:00 2001
From: Dylan Hardison
Date: Thu, 5 Nov 2015 00:28:14 -0500
Subject: Bug 1196743 - Fix information disclosure vulnerability that allows attacker to obtain victim's GitHub OAuth return code
---
 Bugzilla/Auth/Persist/Cookie.pm | 2 ++
 1 file changed, 2 insertions(+) (limited to 'Bugzilla/Auth')
diff --git a/Bugzilla/Auth/Persist/Cookie.pm b/Bugzilla/Auth/Persist/Cookie.pm
index 4adb00f96..fd910b118 100644
--- a/Bugzilla/Auth/Persist/Cookie.pm
+++ b/Bugzilla/Auth/Persist/Cookie.pm
@@ -90,6 +90,8 @@ sub persist_login {
 $cookieargs{'-secure'} = 1;
 }
+ $cgi->remove_cookie('github_secret');
+ $cgi->remove_cookie('Bugzilla_login_request_cookie');
 $cgi->send_cookie(-name => 'Bugzilla_login', -value => $user->id, %cookieargs);
-- cgit v1.2.3-24-g4f1b
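Review bot: The two `remove_cookie` calls added ahead of `send_cookie` have no comment, so nothing at the call site says that `github_secret` and `Bugzilla_login_request_cookie` are one-time login-flow values that must not outlive a successful login; that rationale exists only in the commit subject. I would add `# Drop the one-time login-flow cookies once the session cookie is issued (Bug 1196743)` above them. The removals pass only a cookie name, while the login cookie is sent with `%cookieargs`, so it is worth confirming that `remove_cookie` expires each cookie with the same path and domain it was originally set with; otherwise the browser may keep the original. Expiring the browser copy does not by itself invalidate any server-side copy of these values, and whether one exists cannot be judged from this hunk. `persist_login` begins before and continues past the hunk.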