* Security vulnerabilities affects core API authorization of gnu.org
From: Salah Mosbah @ 2021-01-04 10:23 UTC (permalink / raw)
To: janus; +Cc: gcc, jself
Hi Janus,
How can I report some high-impact security vulnerabilities that I have
found on the gnu.org web app?
Also, does gnu.org have a bug bounty program or reporting bugs reward policy?
The vulnerabilities that I have found affect the core API of gnu.org, which
allows unauthorized users to get access to other users' data that they
don't have access to.
Regards,
-Salah
https://hackerone.com/salaheldeen101
https://bugcrowd.com/Salah-Mosbah
* Re: Security vulnerabilities affects core API authorization of gnu.org
From: Jeff Law @ 2021-01-04 16:06 UTC (permalink / raw)
To: Salah Mosbah, janus; +Cc: gcc, jself
On 1/4/21 3:23 AM, Salah Mosbah via Gcc wrote:
> Hi Janus,
>
> How can I report some high-impact security vulnerabilities that I have
> found on the gnu.org web app?
>
> Also, does gnu.org have a bug bounty program or reporting bugs reward policy?
>
> The vulnerabilities that I have found affect the core API of gnu.org, which
> allows unauthorized users to get access to other users' data that they
> don't have access to.
For gnu.org you'd need to contact the administrators of that domain,
which presumably you can find contact information for on www.gnu.org.
If it's a problem with gcc.gnu.org, then the details should be sent to
overseers@gcc.gnu.org
Jeff
* Re: Security vulnerabilities affects core API authorization of gnu.org
From: Salah Mosbah @ 2021-01-04 17:40 UTC (permalink / raw)
To: Jeff Law; +Cc: janus, gcc, jself, overseers
Hi Jeff,
Does gnu.org have a bug bounty program or reporting bugs reward policy?
On Mon, Jan 4, 2021 at 6:06 PM Jeff Law <law@redhat.com> wrote:
>
> On 1/4/21 3:23 AM, Salah Mosbah via Gcc wrote:
> > Hi Janus,
> >
> > How can I report some high-impact security vulnerabilities that I have
> > found on the gnu.org web app?
> >
> > Also, does gnu.org have a bug bounty program or reporting bugs reward policy?
> >
> > The vulnerabilities that I have found affect the core API of gnu.org, which
> > allows unauthorized users to get access to other users' data that they
> > don't have access to.
> For gnu.org you'd need to contact the administrators of that domain,
> which presumably you can find contact information for on www.gnu.org.
>
> If it's a problem with gcc.gnu.org, then the details should be sent to
> overseers@gcc.gnu.org
>
> Jeff
* Re: Security vulnerabilities affects core API authorization of gnu.org
From: Jeff Law @ 2021-01-04 17:48 UTC (permalink / raw)
To: Salah Mosbah; +Cc: janus, gcc, jself, overseers
On 1/4/21 10:40 AM, Salah Mosbah wrote:
> Hi Jeff,
>
> Does gnu.org have a bug bounty program or reporting
> bugs reward policy?
I have no idea.
jeff
* Re: Security vulnerabilities affects core API authorization of gnu.org
From: Frank Ch. Eigler @ 2021-01-04 17:50 UTC (permalink / raw)
To: Overseers mailing list
Cc: Jeff Law, Salah Mosbah, overseers, gcc, janus, jself
Hi -
> Does gnu.org have a bug bounty program or reporting bugs reward policy?
You are not talking to gnu.org, you are talking to gcc.gnu.org admins.
Maybe see webmasters@gnu.org.
I am not aware of any sort of bug bounty at either site.
- FChE