[SAC] Fwd: Responsible Security Disclosure
Jeff McKenna
jmckenna at gatewaygeomatics.com
Fri Jul 7 09:26:12 PDT 2017
Hi Jachym,
Thanks for reporting this. I've denied viewing of .git folders on that
domain through Apache. Let me know if it works for you. thanks,
-jeff
--
Jeff McKenna
President Emeritus, OSGeo Foundation
http://wiki.osgeo.org/wiki/Jeff_McKenna
On 2017-07-07 12:43 PM, Jachym Cepicky wrote:
>
> dear sac,
>
> do you think you could handle this?
>
> j
>
> ---------- Forwarded message ---------
> From: <researcher at port43.consulting>
> Date: Fri, 7 Jul 2017, 17:37
> Subject: Responsible Security Disclosure
> To: <info at osgeo.org>
>
>
> During the course of a security research project I was completing, your
> site foss4g.org was discovered to have a serious
> security vulnerability present. The goal of this email is to responsibly
> disclose this issue to you so your technical team can mitigate the issue
> as soon as possible and minimize any impact. If you have an active bug
> bounty program you would like me to report additional details through
> please reply with contact information.
>
> Technical Details: The source
> code of your site is exposed at the root of your site at
> foss4g.org/.git/
>
>
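
One way to deny access to `.git` directories in Apache, as an added example: it is not part of the original messages and not the configuration actually applied on the OSGeo server. It assumes Apache 2.4 and that the directives go in the server or virtual-host configuration.

```apache
# Added example; assumes Apache 2.4 (mod_authz_core).
# Place in the main server or <VirtualHost> configuration:
# <DirectoryMatch> is not allowed in .htaccess files.

# Deny every filesystem path at or below a .git directory,
# e.g. <docroot>/.git/config or <docroot>/sub/.git/objects/...
<DirectoryMatch "/\.git(/|$)">
    Require all denied
</DirectoryMatch>

# Also deny loose Git metadata files in served directories
# (.gitignore, .gitattributes, .gitmodules).
<FilesMatch "^\.git">
    Require all denied
</FilesMatch>

# Optional (requires mod_alias): answer 404 instead of 403 so the
# response does not confirm that a repository exists at that path.
RedirectMatch 404 "/\.git(/|$)"
```

After reloading Apache, a request for `/.git/HEAD` on the site should return 403 or 404 rather than the file contents. Keeping the working copy's `.git` directory outside the document root removes the exposure without relying on an access rule.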