You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a region is cloned the access token for the push page content API endpoint is cloned as well. This is a leak of information as users of the newly cloned region can use this token to push content to the source region.
Steps to Reproduce
Edit a page and set the "API access token"
Clone the region
Open the page in the cloned region and look at the token.
Expected Behavior
API access tokens should be cleared after cloning.
Actual Behavior
API access tokens are cloned along all other page properties.
Additional Information
Should we reserve a CVE? 😹
The text was updated successfully, but these errors were encountered:
Describe the Bug
When a region is cloned the access token for the push page content API endpoint is cloned as well. This is a leak of information as users of the newly cloned region can use this token to push content to the source region.
Steps to Reproduce
Expected Behavior
API access tokens should be cleared after cloning.
Actual Behavior
API access tokens are cloned along all other page properties.
Additional Information
Should we reserve a CVE? 😹
The text was updated successfully, but these errors were encountered: