cenoteandoDB / cenoteando

GitHub repository for Cenoteando project
https://www.cenoteando.org
MIT License
6 stars 2 forks

Reporting a Vulnerability #97

Open lbettels opened 3 weeks ago

lbettels commented 3 weeks ago

To whom it may concern,

I am a student researching a security vulnerability and may have identified one in your application. What is your preferred way of disclosing the vulnerability?

Cheers, lbettels

mfanito commented 2 weeks ago

Hi lbettels,

Thanks for sharing your finding of a potential vulnerability on our project code.

We thank you for your insight and suggest a video conference with the other contributors (Diogo, Francisco and Isaak), so that you can explain where the attack vulnerability is, and the best ways to fix it.

If you're not comfortable with a video conference, you can perhaps explain the issue in text through email, using this communication channel, making sure you copy all contributor emails added.

All the best

Nuno

On Sat, 24 Aug 2024 at 13:22, lbettels @.***> wrote:

To whom it may concern,

I am a student researching a security vulnerability and may have identified one in your application. What is your preferred way of disclosing the vulnerability?

Cheers, lbettels


--

Nuno Simoes Ph.D. UMDI-Sisal, Facultad de Ciencias, UNAM Sisal, Yucatán, México

http://www.bdmy.org.mx http://piecemo.sisal.unam.mx/ http://www.cenoteando.com http://www.sisal.unam.mx/

lbettels commented 1 week ago

Hey mfanito,

I apologize for the delay; the last weeks have been really busy for me. I will gladly send you an email explaining the vulnerability, as a video conference does not suit me at the moment.

Also, I was only able to find Diogo's mail on his profile. Is it fine with all of you if I send the mail to him?

Cheers! lbettels

mfanito commented 1 week ago

Hi. Yes, please. Send the mail to Diogo. All the best, Nuno

On Tue, 3 Sept 2024 at 13:45, lbettels @.***> wrote:

Hey mfanito,

I apologize for the delay; the last weeks have been really busy for me. I will gladly send you an email explaining the vulnerability, as a video conference does not suit me at the moment.

Also, I was only able to find Diogo's mail on his profile. Is it fine with all of you if I send the mail to him?

Cheers! lbettels


lbettels commented 1 week ago

I just sent the mail. I hope the description is helpful; if any questions arise, feel free to contact me.

Cheers, lbettels