* Re: Security vulnerabilities affects core API authorization of gnu.org [not found] ` <ac9ccc21-c01a-a503-a598-e009e30bf4e7@redhat.com> @ 2021-01-04 17:40 ` Salah Mosbah 2021-01-04 17:48 ` Jeff Law 2021-01-04 17:50 ` Frank Ch. Eigler 0 siblings, 2 replies; 3+ messages in thread From: Salah Mosbah @ 2021-01-04 17:40 UTC (permalink / raw) To: Jeff Law; +Cc: janus, gcc, jself, overseers Hi Jeff, Does gnu.org has a bug bounty program or reporting bugs reward policy? On Mon, Jan 4, 2021 at 6:06 PM Jeff Law <law@redhat.com> wrote: > > > On 1/4/21 3:23 AM, Salah Mosbah via Gcc wrote: > > Hi Janus, > > > > How can I report some high impact security vulnerabilities that I have > > found on gnu.org > > web app? > > > > Also, does gnu.org has a bug bounty program or reporting bugs reward > policy? > > > > The vulnerabilities that I have found affects the core API of gnu.org > which > > allows unauthorized users to get access to other user's data that they > > don't have access to it. > For gnu.org you'd need to contact the administrators of that domain, > which presumably you find contact information for on www.gnu.org. > > If it's a problem with gcc.gnu.org, then the details should be sent to > overseers@gcc.gnu.org > > Jeff > > ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Security vulnerabilities affects core API authorization of gnu.org 2021-01-04 17:40 ` Security vulnerabilities affects core API authorization of gnu.org Salah Mosbah @ 2021-01-04 17:48 ` Jeff Law 2021-01-04 17:50 ` Frank Ch. Eigler 1 sibling, 0 replies; 3+ messages in thread From: Jeff Law @ 2021-01-04 17:48 UTC (permalink / raw) To: Salah Mosbah; +Cc: janus, gcc, jself, overseers On 1/4/21 10:40 AM, Salah Mosbah wrote: > Hi Jeff, > > Does gnu.org <http://gnu.org/> has a bug bounty program or reporting > bugs reward policy? I have no idea. jeff > ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Security vulnerabilities affects core API authorization of gnu.org 2021-01-04 17:40 ` Security vulnerabilities affects core API authorization of gnu.org Salah Mosbah 2021-01-04 17:48 ` Jeff Law @ 2021-01-04 17:50 ` Frank Ch. Eigler 1 sibling, 0 replies; 3+ messages in thread From: Frank Ch. Eigler @ 2021-01-04 17:50 UTC (permalink / raw) To: Overseers mailing list Cc: Jeff Law, Salah Mosbah, overseers, gcc, janus, jself Hi - > Does gnu.org has a bug bounty program or reporting bugs reward policy? You are not talking to gnu.org, you are talking to gcc.gnu.org admins. Maybe see webmasters@gnu.org. I am not aware of any sort of bug bounty in either site. - FChE ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-01-04 17:50 UTC | newest] Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <CAFEc1FcNApb65M6D6aVi=qZ6OiQ64QPGfTA558POYvS55uV=dA@mail.gmail.com> [not found] ` <ac9ccc21-c01a-a503-a598-e009e30bf4e7@redhat.com> 2021-01-04 17:40 ` Security vulnerabilities affects core API authorization of gnu.org Salah Mosbah 2021-01-04 17:48 ` Jeff Law 2021-01-04 17:50 ` Frank Ch. Eigler
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).