RedSiege / EyeWitness

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
https://www.christophertruncer.com/eyewitness-usage-guide/
GNU General Public License v3.0

Who to contact for security issues #570

Closed JamieSlome closed 2 years ago

JamieSlome commented 2 years ago

Hey there!

I belong to an open source security research community, and a member (@nerrorsec) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

ChrisTruncer commented 2 years ago

Hi there, thanks for reaching out! I just pushed one for you to review. Thanks for the suggestion!

JamieSlome commented 2 years ago

@ChrisTruncer - appreciate your diligence here ⚡

You can find both reports here: https://huntr.dev/bounties/b6f36ca2-5fb9-4ed2-a615-29094f6c7f3d/ https://huntr.dev/bounties/813644f5-1c6b-4a64-8b9c-f0f552113e06/

They are private and only accessible to maintainers with repository write permissions 👍 Would you like me to still follow up and send to the e-mail address you elected?

ChrisTruncer commented 2 years ago

Hi @JamieSlome - I'd prefer not to give a third party application access to my private data. I'm currently on a plane so I can't get this done now, but I am going to generate a PGP for the security email address, and then update the security.md file. Once I get that done, I'll comment in here to notify you if you wouldn't mind sending any information to me/us that way.

ChrisTruncer commented 2 years ago

Never mind, I got it added in now. So you can get it on the same file. Thanks!

JamieSlome commented 2 years ago

@ChrisTruncer - absolutely, we can certainly get you access to the reports without having to sign up 👍 You should receive two e-mails from me shortly with more information about both reports.

Once again, appreciate your time here, and hope you had a safe flight! 🛩

JamieSlome commented 2 years ago

@ChrisTruncer - that is both e-mails sent...

ChrisTruncer commented 2 years ago

Hi there,

Just as a heads up, I have not received any e-mails. I just did a test on my end to make sure the e-mail address is working, and I received the test message.

JamieSlome commented 2 years ago

@ChrisTruncer - just to confirm, the address is: contact@fortynorthsecurity.com

Are you able to check your spam or promotions folder?

ChrisTruncer commented 2 years ago

That is completely my fault. The actual address is security @, not contact. I apologize for that, sorry for having you all take extra steps on an invalid email.

JamieSlome commented 2 years ago

@ChrisTruncer - no worries at all 👍 I will arrange the e-mails to be sent to the new address now...

JamieSlome commented 2 years ago

Sorted - let me know if you have/haven't received both e-mails :)

digininja commented 2 years ago

After all this build up, I really hope these are some amazing vulnerabilities when they finally get announced.

On Thu, 5 May 2022 at 11:13, Jamie Slome @.***> wrote:

Sorted - let me know if you have/haven't received both e-mails :)

digininja commented 2 years ago

They weren't.