@stefansundin reported that several Gist API
endpoints could be used to list a user’s secret Gists when using an OAuth access
token that had been granted no authorization scopes. We addressed this issue by
modifying these API endpoints to only include secret Gists if the token has
the gist scope.
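The check described above, as an added example that is not GitHub's code: a listing routine that treats token ownership alone as sufficient, next to one that also requires the gist scope. The `Gist` and `Token` structs, the function names and the sample data are hypothetical, and the example assumes the secret Gists in question belong to the token's own user.

```ruby
# Added illustration, not GitHub's implementation. All names are hypothetical.
Gist  = Struct.new(:id, :owner, :secret)
Token = Struct.new(:user, :scopes) # scopes: granted scope strings; [] = no scopes

# Constructed sample data.
GISTS = [
  Gist.new("a1", "alice", false),
  Gist.new("a2", "alice", true),
  Gist.new("b1", "bob",   true)
].freeze

# "Before": authenticating as the owner is treated as enough, so a token
# granted no scopes still receives the owner's secret gists.
def list_gists_before(token, owner)
  GISTS.select do |g|
    g.owner == owner && (!g.secret || (token && token.user == owner))
  end
end

# "After": secret gists are included only when the token belongs to the
# owner AND carries the gist scope. Unauthenticated requests (nil token)
# and tokens for other users get public gists only.
def may_see_secret?(token, owner)
  !token.nil? && token.user == owner && token.scopes.include?("gist")
end

def list_gists_after(token, owner)
  include_secret = may_see_secret?(token, owner)
  GISTS.select { |g| g.owner == owner && (!g.secret || include_secret) }
end

# Regression helper: ids a listing returned that the token's scopes do not
# justify. An empty result means the listing respects the scope check.
def unjustified_ids(listing, token, owner)
  return [] if may_see_secret?(token, owner)
  listing.select(&:secret).map(&:id)
end
```

Running `unjustified_ids` over every listing endpoint with a token that has no scopes gives a regression test for this class of bug.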