
🐛 🛡️ | Security vulnerability disclosure

Open kazet opened this issue 1 year ago • 2 comments

Hello,

CERT PL found a security vulnerability in this repository. How can we report this privately? We don't see any security policy describing how such vulnerabilities should be reported.

kazet avatar Nov 21 '23 11:11 kazet

Hi, how did this repository come to CERT PL's attention?

Do you have a recommendation or an example of how this can be handled, or how it is handled in other repositories?

Groovylein avatar Jan 01 '24 12:01 Groovylein

Hi, CERT PL has performed a broad vulnerability scan of open source projects and that one was tested as well.

Different ways of handling such reports are possible; it depends on the level of confidentiality one wants to achieve. Solutions range from specifying a dedicated e-mail address and a corresponding PGP public key, through web forms with TLS encryption, to publicly discussing them as regular issues on GitHub.

lukigruszka avatar Jan 26 '24 11:01 lukigruszka

Duplicate of #2342

s-martin avatar Apr 19 '24 13:04 s-martin