SECURITY.md

Security

Computer security, cybersecurity (cyber security), digital security or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide. (Source: Wikipedia)

If you believe you have found a security vulnerability in any of Obscurely's repositories that meets the definition below, please report it to us as described below.

Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware. Vulnerabilities can be exploited by a threat actor, such as an attacker, to cross privilege boundaries (i.e. perform unauthorized actions) within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerabilities are also known as the attack surface. (Source: Wikipedia)

Reporting Security Issues

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report it by sending an email to obscurely.message@protonmail.com

You should receive a response within 24 hours. If for some reason you do not, please resend that email to ensure I received your original message. I may not be available; if so, please wait and do not make the vulnerability public.

Please include the requested information listed below (as much as you can provide) to help me better understand the nature and scope of the possible issue:

  • Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit the issue

This information will help me triage your report more quickly.

Preferred Languages

I prefer all communications to be in English, but we have translation software nowadays so you do you.

Policy

In computer security, coordinated vulnerability disclosure, or "CVD" (formerly known as responsible disclosure) is a vulnerability disclosure model in which a vulnerability or an issue is disclosed to the public only after the responsible parties have been allowed sufficient time to patch or remedy the vulnerability or issue. This coordination distinguishes the CVD model from the "full disclosure" model. (Source: Wikipedia)