Security Vulnerability Disclosure - Request for Contact Information #35397
Description
Description
Security Contact Request
Our security research team has identified a potential vulnerability in your software that we would like to report through a responsible disclosure process.
We tried contacting you [email protected] as listed in your SECURITY.md and official contact site, but did not receive a reply.
Additional context
- Security vulnerability details will be shared privately once contact is established.
- Our responsible disclosure policy typically requires public disclosure after a set period without vendor response.
- To ensure this finding reaches the appropriate team members, could you please:
- Provide a security contact email address where we can send the vulnerability details, or
- Consider updating your SECURITY.md file in your repository with the updated contact information.
- You can reach our security research team at [email protected]
We're trying to work with you on this and would prefer coordinated disclosure over public disclosure.
Gitea Version
1.24.5
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
No response
How are you running Gitea?
.
Database
None