Critical Vulnerability Report

Ian Wienand iwienand at redhat.com
Mon Feb 15 04:35:05 UTC 2021


On Sun, Feb 14, 2021 at 05:47:08PM +0000, Divya Singh wrote:
> I have found a critical vulnerability at one of your domain that is
> cve-2019-15043
> which can led to DDOS attack and can make system go down by grafana snapshot
> instance

Thank you for your report and we will deal with this.

For future reference, security issues can be reported via the
service-incident at opendev.org address.  You certainly could not be
expected to know this as we have not done a good job at making this
clear.  I have proposed [1] to hopefully make this more obvious on the
main system-config documentation page.  If there was anywhere else you
looked for disclosure addresses without success please let us know,
and we can work to update that too.

-i

[1] https://review.opendev.org/c/opendev/system-config/+/775554




More information about the service-discuss mailing list