root: update security policy to include link to cure53 report (#7853)

* add links to the cure53 audit results

* fix link

* link

* fighting with Docu

* removed link for now

* use absolute link

---------

Co-authored-by: Tana Berry <tana@goauthentik.io>
Tana M Berry
2023-12-11 15:26:36 -06:00
committed by GitHub
parent 1fccbaa693
commit f2aa83a731
2 changed files with 6 additions and 2 deletions

@ -1,8 +1,8 @@
# 2023-06 Cure53 Code audit
In May/June of 2023, we've had a Pen-test conducted by [Cure53](https://cure53.de). The following security updates, 2023.4.2 and 2023.5.3 were released as a response to the found issues.
In May/June of 2023, we've had a Pentest conducted by [Cure53](https://cure53.de). The following security updates, 2023.4.2 and 2023.5.3 were released as a response to the found issues.
From the complete report, these are the points we're addressing with this update:
From the [complete report](https://cure53.de/pentest-report_authentik.pdf), these are the points we're addressing with this update:
### ATH-01-001: Path traversal on blueprints allows arbitrary file-read (Medium)
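
Review bot: The link added on the "complete report" line points straight at a PDF hosted on cure53.de, which this repository does not control, so the audit page loses its supporting evidence if that URL moves or the file is replaced. Consider mirroring the report in the docs tree or recording its publication date or a checksum next to the link. In the first changed line, "Pentest" is now capitalized mid-sentence, and "we've had a Pentest conducted" sits awkwardly with the past date "In May/June of 2023"; "we had a pentest conducted" would read more cleanly. The same sentence says "The following security updates, 2023.4.2 and 2023.5.3" although the versions are named inline rather than listed after it, so "The security updates 2023.4.2 and 2023.5.3 were released in response" would be more accurate.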