We found several serious security issues in Dolibarr version 4.0.4.
At least one leads to complete application compromise.
As far as I can see you have no mail address for handling security issues.
Please publish a valid PGP key for sending the details.
HI.
You can push your notice at [email protected]
Thanks.
I'd like to send the information privately to you, so please publish your PGP key.
I think this isn't getting the required attention.
I contacted you via email, GitHub and Twitter and it seems you're not interested that our findings can be securely transmitted to you.
Please publish a PGP key.
You can send data to [email protected]. This is my private email.
As I didn't get any response from you via mail, I'll continue here.
Did you have a look into our security advisory?
We will publish our findings at the latest by the 10th of May.
I repeat previous answers: You can send security advisories to [email protected]. Other companies succeed to make their report with this dedicated channel. Did you get an email bounce when you tried ?
I sent several mails from my company address to [email protected] and did not get any bounces. I will try again from my gmail account. Please check.
I sent our advisory to [email protected] three days ago.
DId you have a look into it?
Please note the following CVE numbers for further reference to our findings:
Our updated advisory text was sent to [email protected] some minutes ago.
The mail was successfully delivered:
<[email protected]>: delivery via aspmx.l.google.com[74.125.133.27]:25: 250
2.0.0 OK 1492508918 t18si19894283wra.90 - gsmtp
FIX CVE-2017-7888 in
acfaec684d71bcd85635ce8efecc43d8afd9b5b1
Salt can already be set by an option. Automatically set with 6.0 in new install.
FIX CVE-2017-7887 in
6d01bd712db021a03a8bd78a461e63c26fa63e44
Available in 5.0.3
FIX CVE-2017-7886 in
9c482b9f2a021604e29b7321e2e18eed60d08932
Available in 4.0.7
Most helpful comment
I think this isn't getting the required attention.
I contacted you via email, GitHub and Twitter and it seems you're not interested that our findings can be securely transmitted to you.
Please publish a PGP key.