knockd Security Disclosure #91

Open
secdefect opened this issue Apr 9, 2024 · 5 comments

@secdefect

secdefect commented Apr 9, 2024

Hi all,

I've found a significant vulnerability in knockd. How should I report this? I emailed Judd last week but haven't had a response, understandable as he's probably a busy guy.

Can anyone advise on a different email address or a different contributor that I can disclose the issue to?

Cheers now

@TDFKAOlli
Contributor

Hi,

Judd indicated he doesn't have much time for the project any longer here. Either you wait a bit until he answers, or you disclose here so people can patch their own builds. Not sure what's the best way to go.
I do have a fork, but I'm also not using knockd actively anymore, nor am I developing or adding features to my fork. Anyhow, I would apply a patch just in case someone uses the fork. Still, I'm not sure if it is good to disclose if this root repo is not patched.

Cheers

@secdefect
Author

Cheers for the reply

We will fork and propose a fix. If anyone can review and merge then that will be great. Having it marked as a published bug may help people decide if they build with the fix or use something else.

@evoke0

evoke0 commented Apr 27, 2024

Hello @secdefect, have you received an answer from Judd? If not, have you disclosed the vulnerability?

@eabase

eabase commented Oct 21, 2024

@secdefect
BUMP

@RichieB2B

@secdefect Any news on the vulnerability and possible patch?
