Hi,
We found a vulnerability on Copr that allows a regular user to retrieve users’ password hashes on the server.
Could you please provide us with a GPG key in order to send back technical details of the bug?
Best regards,
Fenrisk Team
You mean a package hosted on copr or the copr code itself?
Are you planning to open a bug tracker ticket?
Why not share the details here?
I mean copr itself. I don’t share the details here for security reasons. I would share the details with the security team directly.
There is a copr mailing list you can use to get in touch with the copr people.
Thank you Maxime for the attempt to contact us here. As mentioned in the bug 2327274, this shouldn’t be a security problem. I at least created an upstream issue for validation and I enabled the vulnerability GitHub feature in the Copr project. Feel free to use that page next time, or fall back to secalert@redhat.com.