Closed mogulano closed 3 years ago
I guess you can in general report them to cncf-strimzi-maintainers@lists.cncf.io mailing list. But keep in mind that the Strimzi UI has no releases and is not usable at this point. So IMHO at this point you can probably just report them as regular issues since they would anyway not be CVEs as far as I understood.
The vulnerability allows getting read/write access to repository for any user. Are you sure it is the best course of actions to make the instructions public in a mail conference or attach to the repo as an issue? I have already sent the report to jordan.tucker1@ibm.com and pmuir@bleepbleep.org.uk without response.
AFAIK the maintainers mailing list is private. Or are you saying you can read its posts?
Didn't know it is private. Thanks!
How could I report a security vulnerability? Any email to write to?