jenkins.io icon indicating copy to clipboard operation
jenkins.io copied to clipboard

Published 20 hours ago verified publisher icon jenkins-infra

CNA scope conflict improvement

Open Kevin-CB opened this issue 2 years ago • 1 comments

We recently had a misunderstanding regarding the assignment of CVEs when there's a scope conflict with another CNA. (see SECURITY-3141)

Kevin-CB avatar Aug 14 '23 08:08 Kevin-CB

Disagree. We still handled it by coordinating with the other CNA, we just didn't assign it ourselves. This exists because we need maintainers not to go run off themselves and have CVEs assigned.

daniel-beck avatar Aug 14 '23 09:08 daniel-beck