Please report vunerabilities using GitHub's Private Vulnerability Reporting tool.
You can expect a response within a few days.
Warpgate considers the following trusted inputs:
- Contents of the connected database
- Contents of the config file, as long as Warpgate does not fail to lock down its permissions.
- HTTP requests made by a session previously authenticated by a user who has the
warpgate:adminrole. - Network infrastructure and actuality and stability of target IPs/hostnames.
In particular, this does not include the traffic from known Warpgate targets.