Fedora vulnerability report

Hi,

We found a vulnerability on Copr that allows a regular user to retrieve users’ password hashes on the server.

Could you please provide us with a GPG key in order to send back technical details of the bug?

Best regards,

Fenrisk Team

You mean a package hosted on copr or the copr code itself?

Are you planning to open a bug tracker ticket?

Why not share the details here?

I mean copr itself. I don’t share the details here for security reasons. I would share the details with the security team directly.

1 Like

There is a copr mailing list you can use to get in touch with the copr people.

See copr-devel - Fedora mailing-lists

1 Like

Thank you Maxime for the attempt to contact us here. As mentioned in the bug 2327274, this shouldn’t be a security problem. I at least created an upstream issue for validation and I enabled the vulnerability GitHub feature in the Copr project. Feel free to use that page next time, or fall back to secalert@redhat.com.

2 Likes

Added copr