openMF / mifos-mobile

Repository for the Mifos Mobile Banking App for clients
https://openmf.github.io/mobileapps.github.io/
Mozilla Public License 2.0

Potential security problem #1556

Closed. intrigus-lgtm closed this 3 years ago.

intrigus-lgtm commented 4 years ago

Hi, could you please create a new draft security advisory and invite me to it? Any other private communication channel would also be fine. I think I've found a potential security problem.

Pinging @vorburger as I've reported a similar instance in fineract.

vorburger commented 4 years ago

@edcable could you ping any active mifos-mobile maintainers here to engage with @intrigus-lgtm ?

edcable commented 4 years ago

@miPlodder can you please reach out to @intrigus-lgtm?

miPlodder commented 4 years ago

@intrigus-lgtm We can use the Mifos Mailing list for communication or a private mail thread for the purpose.

@edcable Can you create a Security Advisory and add req folks as collaborators?

vorburger commented 4 years ago

@miPlodder I've created https://github.com/openMF/mifos-mobile/security/advisories/GHSA-9657-33wf-rmvx

FYI security sensitive matters are typically not discussed on public mailing lists until they are resolved.

I don't know much about these GitHub security advisories, but they seem like a good way to deal with this. I assume after everything is fixed, they may become public when the (now fixed) vulnerability will be "disclosed" in the future.

I won't be able to directly support this effort (just due to lack of time) - best of luck!

miPlodder commented 4 years ago

Thanks @vorburger,

@intrigus-lgtm Security Advisory is created, https://github.com/openMF/mifos-mobile/security/advisories/GHSA-9657-33wf-rmvx

intrigus-lgtm commented 3 years ago

Fixed, see https://github.com/openMF/mifos-mobile/security/advisories/GHSA-9657-33wf-rmvx