Files
vrcx/SECURITY.md
T

31 lines
998 B
Markdown

# Security policy
Thanks for taking the time to look at this. This tool authenticates against
BMCs over SSH and HTTPS, runs commands as the chosen user, and writes their
output to disk — so vulnerability reports are very welcome.
## Supported versions
Only the latest tagged release is supported. Older versions will
not get fixes; please upgrade first.
## How to report a vulnerability
**Please do not open a public issue** for security-sensitive findings.
Report privately by email to the maintainer at engelgardt2024@gmail.com.
Please include:
- The version you tested (the startup banner is enough).
- Steps to reproduce.
- An assessment of impact.
Reports are reviewed and addressed on a best-effort basis. A fix and a public
advisory will be published once the issue is resolved. Reporters are credited
unless they prefer to stay anonymous.
## Out of scope
- Issues that require the attacker to already control the host or the BMC.
- Behaviour with explicitly broken credentials.