public inbox for gcc@gcc.gnu.org
* Security vulnerabilities affects core API authorization of gnu.org
@ 2021-01-04 10:23 Salah Mosbah
  2021-01-04 16:06 ` Jeff Law
  0 siblings, 1 reply; 5+ messages in thread
From: Salah Mosbah @ 2021-01-04 10:23 UTC
  To: janus; +Cc: gcc, jself

Hi Janus,

How can I report some high-impact security vulnerabilities that I have
found on the gnu.org web app?

Also, does gnu.org have a bug bounty program or a reward policy for reporting bugs?

The vulnerabilities that I have found affect the core API of gnu.org, which
allows unauthorized users to get access to other users' data that they
don't have access to.

Regards,
-Salah

https://hackerone.com/salaheldeen101
https://bugcrowd.com/Salah-Mosbah


* Re: Security vulnerabilities affects core API authorization of gnu.org
  2021-01-04 10:23 Security vulnerabilities affects core API authorization of gnu.org Salah Mosbah
@ 2021-01-04 16:06 ` Jeff Law
  2021-01-04 17:40   ` Salah Mosbah
  0 siblings, 1 reply; 5+ messages in thread
From: Jeff Law @ 2021-01-04 16:06 UTC
  To: Salah Mosbah, janus; +Cc: gcc, jself



On 1/4/21 3:23 AM, Salah Mosbah via Gcc wrote:
> Hi Janus,
>
> How can I report some high-impact security vulnerabilities that I have
> found on the gnu.org web app?
>
> Also, does gnu.org have a bug bounty program or a reward policy for reporting bugs?
>
> The vulnerabilities that I have found affect the core API of gnu.org, which
> allows unauthorized users to get access to other users' data that they
> don't have access to.
For gnu.org you'd need to contact the administrators of that domain,
for which you can presumably find contact information on www.gnu.org.

If it's a problem with gcc.gnu.org, then the details should be sent to
overseers@gcc.gnu.org

Jeff



* Re: Security vulnerabilities affects core API authorization of gnu.org
  2021-01-04 16:06 ` Jeff Law
@ 2021-01-04 17:40   ` Salah Mosbah
  2021-01-04 17:48     ` Jeff Law
  2021-01-04 17:50     ` Frank Ch. Eigler
  0 siblings, 2 replies; 5+ messages in thread
From: Salah Mosbah @ 2021-01-04 17:40 UTC
  To: Jeff Law; +Cc: janus, gcc, jself, overseers

Hi Jeff,

Does gnu.org have a bug bounty program or a reward policy for reporting bugs?

On Mon, Jan 4, 2021 at 6:06 PM Jeff Law <law@redhat.com> wrote:

>
>
> On 1/4/21 3:23 AM, Salah Mosbah via Gcc wrote:
> > Hi Janus,
> >
> > How can I report some high-impact security vulnerabilities that I have
> > found on the gnu.org web app?
> >
> > Also, does gnu.org have a bug bounty program or a reward policy for
> > reporting bugs?
> >
> > The vulnerabilities that I have found affect the core API of gnu.org,
> > which allows unauthorized users to get access to other users' data that
> > they don't have access to.
> For gnu.org you'd need to contact the administrators of that domain,
> for which you can presumably find contact information on www.gnu.org.
>
> If it's a problem with gcc.gnu.org, then the details should be sent to
> overseers@gcc.gnu.org
>
> Jeff
>
>


* Re: Security vulnerabilities affects core API authorization of gnu.org
  2021-01-04 17:40   ` Salah Mosbah
@ 2021-01-04 17:48     ` Jeff Law
  2021-01-04 17:50     ` Frank Ch. Eigler
  1 sibling, 0 replies; 5+ messages in thread
From: Jeff Law @ 2021-01-04 17:48 UTC
  To: Salah Mosbah; +Cc: janus, gcc, jself, overseers



On 1/4/21 10:40 AM, Salah Mosbah wrote:
> Hi Jeff,
>
> Does gnu.org have a bug bounty program or a reward policy for
> reporting bugs?
I have no idea.
jeff



* Re: Security vulnerabilities affects core API authorization of gnu.org
  2021-01-04 17:40   ` Salah Mosbah
  2021-01-04 17:48     ` Jeff Law
@ 2021-01-04 17:50     ` Frank Ch. Eigler
  1 sibling, 0 replies; 5+ messages in thread
From: Frank Ch. Eigler @ 2021-01-04 17:50 UTC
  To: Overseers mailing list
  Cc: Jeff Law, Salah Mosbah, overseers, gcc, janus, jself

Hi -

> Does gnu.org have a bug bounty program or a reward policy for reporting bugs?

You are not talking to gnu.org, you are talking to gcc.gnu.org admins.
Maybe see webmasters@gnu.org.
I am not aware of any sort of bug bounty at either site.

- FChE
