Diffstat (limited to '.gitlab/issue_templates/Vulnerability Disclosure.md')
-rw-r--r-- | .gitlab/issue_templates/Vulnerability Disclosure.md | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/.gitlab/issue_templates/Vulnerability Disclosure.md b/.gitlab/issue_templates/Vulnerability Disclosure.md new file mode 100644 index 00000000000..9f143a76e0e --- /dev/null +++ b/.gitlab/issue_templates/Vulnerability Disclosure.md 
@@ -0,0 +1,98 @@ +<!--- +Please read this! + +This template is for reporting a security vulnerability about GitLab or +GitLab.com + +Strongly consider reporting via https://hackerone.com/gitlab, as +HackerOne is our preferred disclosure platform. + +See also: + +- https://about.gitlab.com/security/disclosure/ +- https://about.gitlab.com/handbook/engineering/security/#creating-new-security-issues +- https://about.gitlab.com/handbook/engineering/security/#engaging-the-security-on-call + +---> + +### Summary + +<!-- Summarize the bug encountered concisely. --> + +### Steps to reproduce + +<!-- Describe how one can reproduce the issue - this is very important. Please use an ordered list. --> + +### Example Project + +<!-- If possible, please create an example project here on GitLab.com that exhibits the problematic +behavior, and link to it here in the bug report. If you are using an older version of GitLab, this +will also determine whether the bug is fixed in a more recent version. --> + +### What is the current *bug* behavior? + +<!-- Describe what actually happens. --> + +### What is the expected *correct* behavior? + +<!-- Describe what you should see instead. --> + +### Relevant logs and/or screenshots + +<!-- Paste any relevant logs - please use code blocks (```) to format console output, logs, and code + as it's tough to read otherwise. --> + +### Output of checks + +<!-- If you are reporting a bug on GitLab.com, write: This bug happens on GitLab.com --> + +#### Results of GitLab environment info + +<!-- Input any relevant GitLab environment information if needed. 
--> + +<details> +<summary>Expand for output related to GitLab environment info</summary> + +<pre> + +(For installations with omnibus-gitlab package run and paste the output of: +`sudo gitlab-rake gitlab:env:info`) + +(For installations from source run and paste the output of: +`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`) + +</pre> +</details> + +#### Results of GitLab application Check + +<!-- Input any relevant GitLab application check information if needed. --> + +<details> +<summary>Expand for output related to the GitLab application check</summary> +<pre> + +(For installations with omnibus-gitlab package run and paste the output of: +`sudo gitlab-rake gitlab:check SANITIZE=true`) + +(For installations from source run and paste the output of: +`sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`) + +(we will only investigate if the tests are passing) + +</pre> +</details> + +### Possible fixes + +<!-- If you can, link to the line of code that might be responsible for the problem. --> + + +--- + +<!-- Do not edit past here unless you are certain of the impact --> + +cc @gitlab-com/gl-security/appsec + +/label ~"type::bug" ~"bug::vulnerability" +/confidential |
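Review bot: the "Example Project" section asks the reporter to create a project on GitLab.com that exhibits the problematic behavior and link it in the report, but nothing tells them to make that project private; the issue itself is created confidential via `/confidential` at the bottom, so a linked public project would expose the reproduction the template is trying to keep confidential. Suggest adding a sentence to that comment such as "Please set the example project's visibility to Private" and, in the "Relevant logs and/or screenshots" comment, a reminder to redact tokens, session cookies and other secrets before pasting console output. The "Output of checks" block, with "(we will only investigate if the tests are passing)", reads as copied from the generic bug template; for a vulnerability disclosure that gating is misleading, since a security finding should be triaged regardless of whether `gitlab:check` passes, so consider dropping that line or rewording it for this template.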