@testmanager92 reported an information disclosure vulnerability where, when a user signed out, we failed to clear a cookie that contained their username. We addressed this by clearing the cookie value when a user signs out.
@testmanager92 reported a very low-risk vulnerability where an in-progress repository transfer could be aborted via CSRF. This issue was addressed by validating the CSRF token on this endpoint.