- Open a Github Private Vulnerability Report for "Wravoc" using the "Security" Tab on the home page of the repository following best practices. Click Report a vulnerability to open the advisory form.
- If you believe this vulnerability is severe or wish to send files please email [email protected] expecting a reply within 48 hours.
Please include:
-
Your Operating System details including:
- Who was file system owner of the Software
- What were the file system permissions on the Software
- What networking processes had access to that file
- What command was used to Execute the Software
- Where the Software was located when it was Executed
-
Your Python Environment Details including:
-
PDB output
python3 -m pdb authlog-threats.py
-
What modules were loaded at the time the Software was Executed
-
import sys import pprint # pretty print loaded modules pprint.pprint(sys.modules)
-
-
Version
-
Automations
- Including automatic Python repository, pip, or relevant software updating
-
Other Python scripts that had access to the Software
-
-
What customizations you used in the Software
-
Thorough details of vulnerability exploit
- What process was used to prove the exploit
- What files were touched
- Relevant shell history during the process
- Relevant sections of logs detailing this outcome
- Screenshots of all the above
- The hash and file size of the Software
Do not publically post information on how to utilize the vulnerability or details which others may find able to utilize the vulnerablity.