...
| Code Block | ||||
|---|---|---|---|---|
| ||||
This is an advance warning of a vulnerability discovered in
ONAP, to give you, as downstream stakeholders, a chance to
coordinate the release of fixes and reduce the vulnerability window.
Please treat the following information as confidential until the
proposed public disclosure date.
$DESCRIPTION
Proposed patch:
See attached patches. Unless a flaw is discovered in them, these
patches will be merged to their corresponding branches on the public
disclosure date.
CVE: $CVE
Proposed public disclosure date/time:
$DISCLOSURE, 1400UTC
Please do not make the issue public (or release public patches)
before this coordinated embargo date.
Original private report:
{jira_issue_url}
For access to read and comment on this report, please reply to me
with your jira username and I will subscribe you.
--
{onap_vulnerability_ sub-committee _member},
on behalf of the ONAP vulnerability sub-committee
|
Security issue available in public (not reported privately)
Message should be signed.
- Subject: [pre-OSA] Vulnerability in ONAP $PROJECT ($CVE) has been disclosed
| Code Block | ||||
|---|---|---|---|---|
| ||||
This is an warning of a vulnerability discovered in ONAP and published
without prior reporting to ONAP Vulnerability management subcommittee.
We will do our best to provide the fix as soon as possible but till then
please be aware of following issue:
$DESCRIPTION
Proposed patch:
There is no patch yet.
Proposed mitigations:
{mitigations if possible}
CVE: $CVE
Public bug report:
{jira_issue_url}
--
{onap_vulnerability_ sub-committee _member},
on behalf of the ONAP vulnerability sub-committee
|
Security issue available in public (not reported privately)
Message should be signed.
*Subject: [pre-OSA] Vulnerability in ONAP $PROJECT ($CVE) has been disclosed
ONAP Security Advisories (OSA)
...