francoisjacquet
commented
3 years ago Hello @zidingz
As mentioned in #252 issues are now handled at GitLab, and for your particular case, GitLab offers the option to make the issue private.
Closed zidingz closed 3 years ago
francoisjacquet
commented
3 years ago Hello @zidingz
As mentioned in #252 issues are now handled at GitLab, and for your particular case, GitLab offers the option to make the issue private.
zidingz
commented
3 years ago Hey @francoisjacquet,
I just submitted an issue through Gitlab, but I couldn't find the option to make the issue private on the submit issue page, and I assumed perhaps it was the default for your repo. Unfortunately, I believe the issue was posted publicly, despite my closing it soon after.
There are 7 other potential issues we'd like to responsibly disclose to you. Would you kindly advise how to report something private on Gitlab, or provide another means of contact? Thank you.
francoisjacquet
commented
3 years ago Hello @zidingz
Thank you for posting the issue at GitLab.
Don't you have access to the "Confidentiality" setting on the right menu?
As you can see on the screenshot, there is also a button to request a CVE ID if need be.
In case you do not have access to these settings when creating an issue through GitLab, you can send the other security issues to the email address you will find at https://www.rosariosis.org/
zidingz
commented
3 years ago Really appreciate your assistance. We'll use the email found on your website. Thank you!
JamieSlome
commented
2 years ago @francoisjacquet - we have received more reports against this repository. You can view all of them directly here:
https://huntr.dev/bounties/0b830121-7e99-4f26-a767-d0d2903939f5/ https://huntr.dev/bounties/dd459af1-a418-430b-9317-c34e099027c8/ https://huntr.dev/bounties/158bcf1f-91fb-4398-8b8f-a4bcd4e9ba88/ https://huntr.dev/bounties/058b4ff2-30de-4e81-ac1d-6ca749c72764/ https://huntr.dev/bounties/9755ae6a-b08b-40a0-8089-c723b2d9ca52/ https://huntr.dev/bounties/9abe5c4b-5ea3-460e-8053-3e36646d9506/
Let me know if you have any questions 👍
Hi there,
I couldn't find a
SECURITY.mdin your repository and am not sure how to best contact you privately to disclose a security issue.Can you add a
SECURITY.mdfile with an e-mail to your repository, so that our system can send you the vulnerability details? GitHub suggests that a security policy is the best way to make sure security issues are responsibly disclosed.Once you've done that, you should receive an e-mail within the next hour with more info.
Thanks! (cc @huntr-helper)