layer5io / layer5

Layer5, expect more from your infrastructure
https://layer5.io
Apache License 2.0
859 stars 1.19k forks

l5vuln-oct17-1 #3357

Closed Onyx2406 closed 1 year ago

Onyx2406 commented 1 year ago

Description

This is opened to track the Security Issue affecting a subdomain of layer5.io. Once the issue is fixed, it can be closed. If given permission, I would be happy to disclose the report here after the fix is implemented.

mailsentTo: security@meshery.dev mailsentFrom: yashsancheti24@gmail.com


leecalcote commented 1 year ago

@Onyx2406 Thanks for filing this report. Given our use of Discourse as the underlying platform for discuss.layer5.io, has this particular concern been raised with discourse.org? We'll need for this concern to be addressed in the upstream project.

Onyx2406 commented 1 year ago

> @Onyx2406 Thanks for filing this report. Given our use of Discourse as the underlying platform for discuss.layer5.io, has this particular concern been raised with discourse.org? We'll need for this concern to be addressed in the upstream project.

@leecalcote I can't say anything about it, as most of the reports submitted on Discourse hacktivity are not disclosed publicly, and I don't see this particular concern being publicly disclosed there, but I can always open a report there about this issue, and they can let me know if this has already been reported to them by someone or not.

Discourse Program Hacktivity: https://hackerone.com/discourse/hacktivity?type=team

leecalcote commented 1 year ago

Oh, very good. Yes, this sounds like the appropriate next step.

Onyx2406 commented 1 year ago

image

leecalcote commented 1 year ago

@Onyx2406 makes sense. Did they give a ticket # to reference?

Onyx2406 commented 1 year ago

> @Onyx2406 makes sense. Did they give a ticket # to reference?

Nope. They can't, as it's restricted by Discourse.

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] commented 1 year ago

This issue is being automatically closed due to inactivity. However, you may choose to reopen this issue.

UtkarshMishra12 commented 1 year ago

@leecalcote ^^

leecalcote commented 1 year ago

Until Discourse offers a fix, our hands are tied.

github-actions[bot] commented 1 year ago

Checking in... it has been a while since we've heard from you on this issue. Are you still working on it? Please let us know and please don't hesitate to contact a MeshMate or any other community member for assistance.

Be sure to join the community, if you haven't yet, and please leave a :star: star on the project :smile:
