On 1/4/21 3:23 AM, Salah Mosbah via Gcc wrote:
> Hi Janus,
>
> How can I report some high impact security vulnerabilities that I have
> found on gnu.org
> web app?
>
> Also, does gnu.org has a bug bounty program or reporting bugs reward policy?
>
> The vulnerabilities that I have found affects the core API of gnu.org which
> allows unauthorized users to get access to other user's data that they
> don't have access to it.
For gnu.org you'd need to contact the administrators of that domain,
which presumably you find contact information for on www.gnu.org.
If it's a problem with gcc.gnu.org, then the details should be sent to
overse...@gcc.gnu.org
Jeff
