#rubygems on 2019-02-20 — irc logs at freenode.irclog.whitequark.org

04:15 _whitelogger has joined #rubygems

08:21 ur5us has quit [Read error: Connection reset by peer]

15:11 KeyJoo has joined #rubygems

18:20 KeyJoo has quit [Quit: KeyJoo]

19:45 robbie has joined #rubygems

19:46 <robbie> I have a security issue that just happened on rubygems.org

19:47 <robbie> I'm not sure best way to report all that happened

19:51 <robbie> it's with rubygems.org

19:51 <robbie> not a specific gem

19:52 <robbie> I was able to be logged in as another user

19:52 <robbie> I have a theory on how it happened.

19:53 <havenwood> robbie: hmmm, interesting! please email security@rubygems.org.

19:54 <robbie> thanks

19:55 <robbie> oh ok will do

19:55 <havenwood> I guess they just redirect to http://help.rubygems.org/

19:56 <havenwood> Emailing security@rubygems.org would be great in any case.

19:56 <havenwood> robbie: Thank you for responsible disclosure!

20:04 <robbie> I was able to reproduce, and I have submitted to hackerone.com

20:05 <robbie> I'll email as well