-rw-r--r--changelogs/unreleased/32059-fix-oauth-phishing.yml6
-rw-r--r--config/locales/doorkeeper.en.yml2
2 files changed, 7 insertions, 1 deletions
diff --git a/changelogs/unreleased/32059-fix-oauth-phishing.yml b/changelogs/unreleased/32059-fix-oauth-phishing.yml
new file mode 100644
index 00000000000..1aaa7285309
--- /dev/null
+++ b/changelogs/unreleased/32059-fix-oauth-phishing.yml
@@ -0,0 +1,6 @@
+---
+title: Prevent OAuth phishing attack by presenting detailed wording about app to user
+ during authorization
+merge_request:
+author:
+type: security
diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml
index 6f105d20771..b1c71095d4f 100644
--- a/config/locales/doorkeeper.en.yml
+++ b/config/locales/doorkeeper.en.yml
@@ -61,7 +61,7 @@ en:
api: Access the authenticated user's API
read_user: Read the authenticated user's personal information
openid: Authenticate using OpenID Connect
- sudo: Perform API actions as any user in the system
+ sudo: Perform API actions as any user in the system (if the authenticated user is an admin)
scope_desc:
api:
Full access to GitLab as the user, including read/write on all their groups and projects
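Review bot: The admin condition is added only to the short `sudo` label. The longer `scope_desc` mapping starts directly below and the hunk shows just its `api` entry, so it is not visible whether a `sudo` entry exists there or carries the same qualifier. If it exists, it should state the same admin requirement so the authorization screen does not describe the scope in two different ways. The changelog title refers to detailed wording about the app during authorization, while the change visible here is a single scope label, so the consent-screen part of the fix presumably lives outside this diff; a short comment above the `sudo` key such as `# shown on the OAuth consent screen; keep in sync with scope_desc` would help future editors.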