_whitelogger has joined #rubygems
ur5us has quit [Read error: Connection reset by peer]
KeyJoo has joined #rubygems
KeyJoo has quit [Quit: KeyJoo]
robbie has joined #rubygems
<robbie> I have a security issue that just happened on rubygems.org
<robbie> I'm not sure best way to report all that happened
<robbie> it's with rubygems.org
<robbie> not a specific gem
<robbie> I was able to be logged in as another user
<robbie> I have a theory on how it happened.
<havenwood> robbie: hmmm, interesting! please email security@rubygems.org.
<robbie> thanks
<havenwood> robbie: you could also report it at HackerOne: https://hackerone.com/rubygems#reporting-rubygems-org-website-problems
<robbie> oh ok will do
<havenwood> I guess they just redirect to http://help.rubygems.org/
<havenwood> Emailing security@rubygems.org would be great in any case.
<havenwood> robbie: Thank you for responsible disclosure!
<robbie> I was able to reproduce, and I have submitted to hackerone.com
<robbie> I'll email as well