Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
20f2cda5
Commit
20f2cda5
authored
Mar 21, 2022
by
Nick Malcolm
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add an issue template for Vulnerability Disclosure
parent
1ad3c57b
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
98 additions
and
0 deletions
+98
-0
.gitlab/issue_templates/.gitlab/issue_templates/Vulnerability Disclosure.md
...lates/.gitlab/issue_templates/Vulnerability Disclosure.md
+98
-0
No files found.
.gitlab/issue_templates/.gitlab/issue_templates/Vulnerability Disclosure.md
0 → 100644
View file @
20f2cda5
<!---
Please read this!
This template is for reporting a security vulnerability about GitLab or
GitLab.com
Strongly consider reporting via https://hackerone.com/gitlab, as
HackerOne is our preferred disclosure platform.
See also:
-
https://about.gitlab.com/security/disclosure/
-
https://about.gitlab.com/handbook/engineering/security/#creating-new-security-issues
-
https://about.gitlab.com/handbook/engineering/security/#engaging-the-security-on-call
--->
### Summary
<!-- Summarize the bug encountered concisely. -->
### Steps to reproduce
<!-- Describe how one can reproduce the issue - this is very important. Please use an ordered list. -->
### Example Project
<!-- If possible, please create an example project here on GitLab.com that exhibits the problematic
behavior, and link to it here in the bug report. If you are using an older version of GitLab, this
will also determine whether the bug is fixed in a more recent version. -->
### What is the current *bug* behavior?
<!-- Describe what actually happens. -->
### What is the expected *correct* behavior?
<!-- Describe what you should see instead. -->
### Relevant logs and/or screenshots
<!-- Paste any relevant logs - please use code blocks (
```
) to format console output, logs, and code
as it's tough to read otherwise. -->
### Output of checks
<!-- If you are reporting a bug on GitLab.com, write: This bug happens on GitLab.com -->
#### Results of GitLab environment info
<!-- Input any relevant GitLab environment information if needed. -->
<details>
<summary>
Expand for output related to GitLab environment info
</summary>
<pre>
(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`
)
(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`
)
</pre>
</details>
#### Results of GitLab application Check
<!-- Input any relevant GitLab application check information if needed. -->
<details>
<summary>
Expand for output related to the GitLab application check
</summary>
<pre>
(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:check SANITIZE=true`
)
(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`
)
(we will only investigate if the tests are passing)
</pre>
</details>
### Possible fixes
<!-- If you can, link to the line of code that might be responsible for the problem. -->
---
<!-- Do not edit past here unless you are certain of the impact -->
cc @gitlab-com/gl-security/appsec
/label ~"type::bug" ~"bug::vulnerability"
/confidential
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment