[wp-trac] [WordPress Trac] #52176: [Image(wiki:Wiki[]Formatting:picture.gif)]]
WordPress Trac
noreply at wordpress.org
Fri Dec 25 17:45:18 UTC 2020
#52176: [Image(wiki:Wiki[]Formatting:picture.gif)]]
--------------------------+------------------------------
Reporter: tourwaz | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by jorbin):
@tourwaz Do not pentest the production Trac instances, it's very annoying
to clean up after. Setup a local environment instead; the custom source
code is available via the Git command below, in the trac.wordpress.org
subfolder. If you ignore this you'll forfeit any bounty.
Only report vulnerabilities in our custom code, don't report
vulnerabilities that only exist upstream in Trac itself. Report those
directly to info at edgewall.com.
All source code that isn't behind authentication is intended to be public.
The source code itself has High CVSS impact scores. The applications that
manage the code (Trac, Git, SVN, etc) have Low scores, except for
vulnerabilities that allow modifications to the source code.
Most of the source code in these domains is contained in the "meta"
repository: git clone git://meta.git.wordpress.org/
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52176#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list