Phabricator: IRC-Bot exposes information

ID H1:222870
Type hackerone
Reporter luke081515
Modified 2017-04-21T20:36:32


You can set up the IRC-Bot and put it into private channels, so that it posts information about tasks only into private channels. Example:

<Human> T698
<Bot> T698: Task title -

The problem is that, if the bot is online in IRC, you can send it task numbers via private messages, and it then exposes the titles of tasks without access control.
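
A sketch of the missing check, added here as an example and not Phabricator's own bot code: task references are answered only when the message was addressed to an allow-listed channel, so a private message to the bot gets no reply. The channel name, the sample IRC lines and the in-memory TASKS table are assumptions made for illustration.

```python
import re

# Assumed configuration for this sketch: channels (lowercase) where task
# titles may be posted. Everything else, including private messages, is denied.
ALLOWED_CHANNELS = {"#private-team"}

# Constructed stand-in for the task store; a real bot would query the tracker.
TASKS = {698: "Task title"}

# ":nick!user@host PRIVMSG <target> :<text>"
PRIVMSG = re.compile(
    r"^:(?P<nick>[^!\s]+)!\S+ PRIVMSG (?P<target>\S+) :(?P<text>.*)$"
)
TASK_REF = re.compile(r"\bT(\d+)\b")


def handle_line(line):
    """Return the raw IRC replies the bot would send for one incoming line."""
    m = PRIVMSG.match(line.rstrip("\r\n"))
    if not m:
        return []  # not a PRIVMSG (PING, JOIN, ...): nothing to answer
    target = m.group("target")
    # In a private message the target is the bot's nick, not a channel, so it
    # can never be in the allow-list. Channel names are case-insensitive;
    # lowercasing is a simplification of IRC casemapping.
    if target.lower() not in ALLOWED_CHANNELS:
        return []
    replies = []
    for num in TASK_REF.findall(m.group("text")):
        title = TASKS.get(int(num))
        if title is not None:
            # Reply to the channel only, never to the sender's nick.
            replies.append(f"PRIVMSG {target} :T{num}: {title}")
    return replies


if __name__ == "__main__":
    # Constructed sample traffic: one channel message, one private message.
    for sample in (
        ":human!u@host PRIVMSG #private-team :T698",
        ":human!u@host PRIVMSG phabot :T698",
    ):
        print(sample, "->", handle_line(sample))
```

An allow-list of channels only restores the behaviour the setup intended; it does not check what the individual sender is permitted to see.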