Re: Security vulnerabilities affects core API authorization of gnu.org

Re: Security vulnerabilities affects core API authorization of gnu.org

[Salah Mosbah]

Hi Jeff,

Does gnu.org has a bug bounty program or reporting bugs reward policy?

On Mon, Jan 4, 2021 at 6:06 PM Jeff Law <law@redhat.com> wrote:

>
>
> On 1/4/21 3:23 AM, Salah Mosbah via Gcc wrote:
> > Hi Janus,
> >
> > How can I report some high impact security vulnerabilities that I have
> > found on gnu.org
> > web app?
> >
> > Also, does gnu.org has a bug bounty program or reporting bugs reward
> policy?
> >
> > The vulnerabilities that I have found affects the core API of gnu.org
> which
> > allows unauthorized users to get access to other user's data that they
> > don't have access to it.
> For gnu.org you'd need to contact the administrators of that domain,
> which presumably you find contact information for on www.gnu.org.
>
> If it's a problem with gcc.gnu.org, then the details should be sent to
> overseers@gcc.gnu.org
>
> Jeff
>
>

Re: Security vulnerabilities affects core API authorization of gnu.org

[Jeff Law]

On 1/4/21 10:40 AM, Salah Mosbah wrote:
> Hi Jeff,
>
> Does gnu.org <http://gnu.org/> has a bug bounty program or reporting
> bugs reward policy?
I have no idea.
jeff
>

Re: Security vulnerabilities affects core API authorization of gnu.org

[Frank Ch. Eigler]

Hi -

> Does gnu.org has a bug bounty program or reporting bugs reward policy?

You are not talking to gnu.org, you are talking to gcc.gnu.org admins.
Maybe see webmasters@gnu.org.
I am not aware of any sort of bug bounty in either site.

- FChE