Critical Vulnerability Report
Ian Wienand
iwienand at redhat.com
Mon Feb 15 04:35:05 UTC 2021
On Sun, Feb 14, 2021 at 05:47:08PM +0000, Divya Singh wrote:
> I have found a critical vulnerability at one of your domain that is
> cve-2019-15043
> which can led to DDOS attack and can make system go down by grafana snapshot
> instance
Thank you for your report and we will deal with this.
For future reference, security issues can be reported via the
service-incident at opendev.org address. You certainly could not be
expected to know this as we have not done a good job at making this
clear. I have proposed [1] to hopefully make this more obvious on the
main system-config documentation page. If there was anywhere else you
looked for disclosure addresses without success please let us know,
and we can work to update that too.
-i
[1] https://review.opendev.org/c/opendev/system-config/+/775554
More information about the service-discuss
mailing list