mirror of
https://github.com/warp-tech/warpgate.git
synced 2025-12-09 06:26:03 +08:00
22 lines
718 B
Markdown
22 lines
718 B
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Please report vunerabilities using GitHub's Private Vulnerability Reporting tool.
|
|
|
|
You can expect a response within a few days.
|
|
|
|
---
|
|
|
|
Warpgate considers the following trusted inputs:
|
|
|
|
* Contents of the connected database
|
|
* Contents of the config file, as long as Warpgate does not fail to lock down its permissions.
|
|
* HTTP requests made by a session previously authenticated by a user who has the `warpgate:admin` role.
|
|
* Network infrastructure and actuality and stability of target IPs/hostnames.
|
|
|
|
In particular, this does not include the traffic from known Warpgate targets.
|
|
|
|
---
|
|
|
|
CNA: [GitHub](https://www.cve.org/PartnerInformation/ListofPartners/partner/GitHub_M)
|