lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fixes to be pure markdown

Browse Source
This commit is contained in:
Philippe GRAND 2021-11-08 13:33:24 +01:00
parent 3ff880aa74
commit 0a3a0862ff
1 changed files with 3 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
SECURITY.md
View File

@ -12,8 +12,7 @@ This file contains some policies about the security reports on Dolibarr ERP CRM
## Reporting a Vulnerability
To report a vulnerability, please use GitHub security advisory at https://github.com/Dolibarr/dolibarr/security/advisories/new (if you have permissions) or alternatively send an email to security@dolibarr.org (for everybody)
To report a vulnerability, please use GitHub security advisory at [https://github.com/Dolibarr/dolibarr/security/advisories/new](https://github.com/Dolibarr/dolibarr/security/advisories/new) (if you have permissions) or alternatively send an email to security@dolibarr.org (for everybody)
## Hunting vulnerabilities on Dolibarr
@ -23,7 +22,7 @@ If you believe you've found a security bug in our service, we are happy to work
Any type of denial of service attacks is strictly forbidden, as well as any interference with network equipment and Dolibarr infrastructure.
We recommand to install Dolibarr ERP CRM on your own server (as most Open Source software, download and use is free: https://www.dolibarr.org/download) to get access on every side of application.
We recommand to install Dolibarr ERP CRM on your own server (as most Open Source software, download and use is free: [https://www.dolibarr.org/download](https://www.dolibarr.org/download)) to get access on every side of application.
### User Agent
@ -31,8 +30,7 @@ If you try to find bug on Dolibarr, we recommend to append to your user-agent he
### Account access
You can install the web application yourself on your own platform/server so you get full access to application and sources. Download the zip of the files to put into your own web server virtual host from https://www.dolibarr.org/download
You can install the web application yourself on your own platform/server so you get full access to application and sources. Download the zip of the files to put into your own web server virtual host from [https://www.dolibarr.org/download](https://www.dolibarr.org/download)
## Eligibility and Responsible Disclosure
@ -46,7 +44,6 @@ You must avoid tests that could cause degradation or interruption of our service
You must not leak, manipulate, or destroy any user data of third parties to find your vulnerability.
## Scope for qualified vulnerabilities
ONLY vulnerabilities discovered, when the following setup on test platform is used, are "valid":
@ -64,7 +61,6 @@ ONLY vulnerabilities discovered, when the following setup on test platform is us
Scope is the web application (back office) and the APIs.
## Qualifying vulnerabilities for reporting
* Remote code execution (RCE)
@ -81,7 +77,6 @@ Scope is the web application (back office) and the APIs.
* Software version disclosure (for non admin users only)
* Stack traces or path disclosure (for non admin users only)
## Non-qualifying vulnerabilities for reporting
* "Self" XSS
@ -99,4 +94,3 @@ Scope is the web application (back office) and the APIs.
* Software version or private IP disclosure when logged user is admin
* Stack traces or path disclosure when logged user is admin
* Any vulnerabilities due to a configuration different than the one defined into chapter "Scope for qualified vulnerabilities".