I opened a “Security Issues” ticket (SECURITY-53) back in Jan/2013, with no response. So I’m not sure what triggers someone to actually look at your report …
From: [email protected] [mailto:[email protected]] On Behalf Of teilo
Sent: 29 August 2013 11:48
To: [email protected]
Subject: Re: Right procedure to send for Security Advisories

Hi Christian,

You should create an issue in the Jenkins bug tracker under the "Security Issues" project. This project has restricted access so only the select few will be able to see your report.

See https://wiki.jenkins-ci.org/display/JENKINS/Security+Advisories for more info.

/James

On Thursday, 29 August 2013 11:36:04 UTC+1, Christian Catalano wrote:

> Hi everyone,
>
> I am executing a PT for my company... in my targets there is a server with a Jenkins application.
> I think I have found a severe security vulnerability so I would like to know the right procedure to:
>
> - advise the Jenkins team
> - send the documentation to exploit the vulnerability and to prove it
> - how I can obtain a CVE Identifier
>
> Best regards
> Christian

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
