-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Potential security issue #1620
Comments
Hey there, I've notified the powers that be to offer a response, but they may not be available until Monday at the earliest. If you could be so kind as to make no public disclosure in the meantime, that'd be ideal. Thanks for your research and the impetus for us to create this file. |
You can e-mail adam.ierymenko@zerotier.com with an encrypted message to key:
|
@erikh @adamierymenko - thanks for your responses 👍 I will get an e-mail sent over to the address mentioned above now :) Just for reference, the report can be found directly here: It is private and only accessible to maintainers with repository write permissions. Let me know if you have any questions. |
Got this patched up and released as 1.8.8. Thanks! |
This was a Windows Local Privelege esclation, released as CVE-2022-1316. https://www.zerotier.com/2022/04/11/zerotier-for-windows-local-privilege-escalation/ Fixed in ffb444d |
Hey there!
I belong to an open source security research community, and a member (@ycdxsb) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a
SECURITY.md
file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
The text was updated successfully, but these errors were encountered: