frappe / erpnext

Free and Open Source Enterprise Resource Planning (ERP)
https://erpnext.com
GNU General Public License v3.0

SQL Injection in Report View #15145

Open kaitorecca opened 6 years ago

kaitorecca commented 6 years ago

Currently, I'm in the process of implementing it in the banking sector :). During the security penetration test, the security team discovered a high-severity security bug in Report View. Here is the log:

[Deleted exploit details per request from the Frappe team]

system19 commented 6 years ago

Great to have a third party professional do penetration testing. Thanks so much for the feedback.

kaitorecca commented 6 years ago

Hope to have great support from the Frappe team. If you can allocate some resources to fixing these things, I will post other serious bugs in Frappe, so together we can make ERPNext ready for enterprise solutions.

williamjmorenor commented 6 years ago

I do think that a private mail to the Frappe team, to work on a coordinated disclosure of the issue with the fix available at the same time, is a good way to handle security issues, and better than a full public disclosure.

strixaluco commented 6 years ago

@kaitorecca The same as with frappe/frappe/issues/5974, you should have filed the report with the Frappe team via email first.

mitjakolsek commented 6 years ago

Just a heads up @kaitorecca that while you deleted the details one can still see the previous version of your post by clicking on "edited" and selecting your original post.

attritionorg commented 6 years ago

Anyone aware if a CVE ID was assigned to this issue? e.g. CVE-2018-3882 through CVE-2018-3885.