Reporting Security Issues
Please refrain from reporting security vulnerabilities through public GitHub issues.
Instead, kindly report them via the information provided in cloud.gov's security.txt.
When reporting, include the following details (as much as possible) to help us understand the nature and extent of the potential issue:
- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of related source file(s)
- Location of affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if available)
- Impact of the issue, including potential exploitation by attackers
Providing this information will facilitate a quicker triage of your report.