On Sun, Feb 14, 2021 at 05:47:08PM +0000, Divya Singh wrote:
I have found a critical vulnerability at one of your domain that is cve-2019-15043 which can led to DDOS attack and can make system go down by grafana snapshot instance
Thank you for your report and we will deal with this. For future reference, security issues can be reported via the service-incident@opendev.org address. You certainly could not be expected to know this as we have not done a good job at making this clear. I have proposed [1] to hopefully make this more obvious on the main system-config documentation page. If there was anywhere else you looked for disclosure addresses without success please let us know, and we can work to update that too. -i [1] https://review.opendev.org/c/opendev/system-config/+/775554