Parse-server: Can't send email regarding potential security issue to [email protected]

Created on 12 Jun 2019 · 9 Comments · Source: parse-community/parse-server

Issue Description

I've discovered a potential security issue that I don't want to disclose through a GitHub issue. However, when I try to send an email to [email protected] as specified here I get a Mail Discovery Notification (Failure) email back.

I've also tried sending the email to the contact email community@parseplatform as specified here, but I still get the same failure email back.

We use G Suite (i.e. Google Mail) for sending our emails.

Steps to reproduce

  1. Send email to [email protected].

Expected Results

  1. Email sent and received successfully.

Actual Outcome

  1. I get a Mail Discovery Notification (Failure) mail back, with the following information: "Your message wasn't delivered to [email protected] because the address couldn't be found, or is unable to receive mail."

Environment Setup

N/A

Logs/Trace

N/A

All 9 comments

thanks. looking into.

As an alternative, as a non-member can you create a Security Advisory through GitHub? (Only members can see these but I'm not sure whether non-members can create them or not)

@TomWFox YES!!! that is so much better. If you're up for it, will you update the docs to direct security issues there?

@BenniPlejd I've created the email addresses for those aliases. I can imagine how it all happened and I appreciate you opening this issue. Would you open a security issue please?

@acinader Unfortunately I get 404 on that link, and I can't create any advisories if I click on the Security tab in the project's GitHub.

I'll test emailing you guys again!

@BenniPlejd I got it. thanks. I'm going to look into how we use github to discuss and keep you up to date on resolving...

@TomWFox i'll leave this open to see if you want to revise the published procedure?

Seems odd that non-members can't create advisories but it should still be useful as we can then publish as a known vulnerability when solved.

nice. i'll close this now then.

@BenniPlejd are you able to see any of the conversations we're having about the advisory? this is my first time using these features of GitHub. we invited you to participate, but it is not clear to me if we did that right, or if it is even supported...

@acinader Yes, I can see it!
