Hi Jeff, Does gnu.org has a bug bounty program or reporting bugs reward policy?
On Mon, Jan 4, 2021 at 6:06 PM Jeff Law <l...@redhat.com> wrote: > > > On 1/4/21 3:23 AM, Salah Mosbah via Gcc wrote: > > Hi Janus, > > > > How can I report some high impact security vulnerabilities that I have > > found on gnu.org > > web app? > > > > Also, does gnu.org has a bug bounty program or reporting bugs reward > policy? > > > > The vulnerabilities that I have found affects the core API of gnu.org > which > > allows unauthorized users to get access to other user's data that they > > don't have access to it. > For gnu.org you'd need to contact the administrators of that domain, > which presumably you find contact information for on www.gnu.org. > > If it's a problem with gcc.gnu.org, then the details should be sent to > overse...@gcc.gnu.org > > Jeff > >