
Several Security Vulnerabilities Found #12


Open
TheDarkMentor opened this issue Apr 15, 2025 · 7 comments

Comments

@TheDarkMentor

Hello Silverpeas team,

I am a security researcher and I have found a few different vulnerabilities within the application.

I noticed this tab is for "issues" and want to clarify whether it is only for minor bugs and possible fixes users find when using the application. Is it okay with the team to post security vulnerabilities found here?

I am happy to submit my findings to you the way your team feels comfortable with and will get them to you as soon as I have the preferred method.

Thank you.

@mmoqui
Member

mmoqui commented Apr 15, 2025

Hi, we usually prefer the vuln to be reported in our issue tracker referred to in https://www.silverpeas.org/issue-management.html so that it should be easier both for us and the reporter to follow their life-cycle.

To do so, please ask for an account by giving all the required and easily verifiable information about you (otherwise your request will be rejected). Once your account is enabled, you'll be part of the security project and you could report any of your discoveries.

@TheDarkMentor
Author

Sure thing. My name is Dr. Emmanuel DeJesus, I am a security researcher and my email is somementor2@gmail.com. As for my organization and organization URL, I do not have those up to date on my LinkedIn currently. Posting here as the formal request so hopefully we can move forward.

I did not see a formal request area in this link https://www.silverpeas.org/issue-management.html.

@mmoqui
Member

mmoqui commented Apr 16, 2025

The URL to access our issue tracker is in https://www.silverpeas.org/issue-management.html

@TheDarkMentor
Author

Ahh I should have been more clear. My fault. When I click the link you provided I can see this URL https://tracker.silverpeas.org/ to get to the issue tracker. Unfortunately, when I continue and click that link I get a forbidden page, with the following.

"Forbidden
You don't have permission to access this resource."

Provided a screenshot below in case this helps. Please advise.

Image

@mmoqui
Member

mmoqui commented Apr 17, 2025

Ha yes, indeed, since a DDoS against our issue tracker, the sysadmin decided temporarily to authorize the access from only a very tiny set of countries. Give me the country from which you want to access the tracker to put it among the authorized countries.

@TheDarkMentor
Author

Some people always have to ruin it for the rest of us. Blows my mind, can't even understand the point of it. Glad you guys found a workaround though!

I am out of the USA.

@TheDarkMentor
Author

So I was able to get to the registry page but once there I cannot register because the captcha refuses to work. I have tried on two different PCs and 3 different browsers hoping for a different result.

Do you know of any fix for this issue?

Screenshot below in case you know of a fix:

Image
