search

TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0
3.28k stars 609 forks source link

Security concern #2309

Closed JamieSlome closed 2 years ago

JamieSlome commented 2 years ago

Hey there!

I belong to an open source security research community, and a member (@shivansh-khari) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

JamieSlome commented 2 years ago

@jeromeleonard @To-om - it looks like all of the reports have been addressed?

If possible, could we mark the reports accordingly: https://huntr.dev/bounties/6c042858-566c-4ad7-b7e2-f2671f125475/ https://huntr.dev/bounties/156011de-02c3-4c66-8abe-72b44cd2ce50/

This allows us to reward the researcher 👍