云

Is this a CVE?

hi, i have some question about reporting a vuln.
basically i found a vuln that gives the attacker root access, however it requires some misconfigured proxy or just SSRF with post, should i just report it? does this count as a CVE?

ig ill just follow the instructions on their security page? (this is a git repo)

havnt done this before so any advice is welcome

云

云OP•8/24/25, 11:27 PM

i verified that it works

w33t•8/24/25, 11:29 PM

Yes, if it's a configuration that could be justifiably expected in the wild, I'd call it a CVE

w33t•8/24/25, 11:29 PM

@WanderingPacket might be a gooder resource idk

Ww33t Yes, if it's a configuration that could be justifiably expected in the wild, I'd...

云

云OP•8/24/25, 11:29 PM

can i talk about the specifics here?

w33t•8/24/25, 11:30 PM

Yeah, that's fine, it's for legitimate purposes and you're reporting it. But if it's a wide-spread thing that likely would cause a problem if it was more widely known, I might suggest against it