[asterisk-bugs] [JIRA] (ASTERISK-29121) Critical Vulnerability found

Asterisk Team (JIRA) noreply at issues.asterisk.org
Sat Oct 10 01:37:36 CDT 2020 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-29121?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=252389#comment-252389 ] 

Asterisk Team commented on ASTERISK-29121:
------------------------------------------

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. Please note that log messages and other files should not be sent to the Sangoma Asterisk Team unless explicitly asked for. All files should be placed on this issue in a sanitized fashion as needed.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur.

Please note that by submitting data, code, or documentation to Sangoma through JIRA, you accept the Terms of Use present at [https://www.asterisk.org/terms-of-use/|https://www.asterisk.org/terms-of-use/].

> Critical Vulnerability found
> ----------------------------
>
>                 Key: ASTERISK-29121
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29121
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: . I did not set the category correctly.
>    Affects Versions: 17.7.0
>            Reporter: Saurabh Sanmane
>
> Hi team,
> I am an ethical hacker. Till now I found lots of vulnerability in lots of small and big company sites. Till now I got lots of rewards and a reputation for it. Always I did ethical hacking professionally. I also found more than 2 vulnerabilities in your site, some are low impact vulnerabilities which I not reported to you till now. But today I found one very critical vulnerability in your site. I want to report it to you, but before I report it to you I want to check that it is fully vulnerable or not. For that, I need permission from your security team.
> Without your permission, I am not going to exploit it. As a white hacker, it is not my behavior. But if any attacker or black hat hacker exploits it then your company has to face a crisis. it's not my motive to afraid you. I just want to test and report. Please grant me permission, I really want to help you. Please mail me back if you want to ask anything related to vulnerability.
> Regards.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list