Scality Report Form for Vulnerable Disclosure

Description index

Name / Pseudo
Personal name or company associated with your report.
Contact Information
Contact Information like email for purpose of progress communication or for additional information if needed.
Affected Products / Components
Product and or product version or component names that affect the products or components.
Vulnerability Description
Provide brief vulnerability information, including the type of vulnerability and the potential impact / severity of successful exploitation.
Technical Information about the Vulnerability
Provide technical details about the vulnerability, including 1 technical information in detail; 2 procedures for reproducing the vulnerability, 3 Proof of Concept (PoC) (additional files can be sent with an additional attachment to security@scality.com).
Vulnerability Attack Scenario Description
Describes how an attacker successfully exploits the vulnerability, including the prerequisites for the attack, trigger conditions, and whether interaction with the victim is required.
Recommended Fixes and Mitigations
Provide detailed fix methods, solutions, industry best practices, and mitigations.
Public PGP key
Optionally, if you would like to use PGP encrypted email, please include either your ASCII-armored PGP key or a URL to your key.
Positive confirmation from the Reporter they have read & understood the Vendor’s Vulnerability Disclosure Policy
Confirmation from the Reporter they have read & understood the Vendor’s Vulnerability Disclosure Policy.
Public Acknowledgment of Reporter
Is it permissible to acknowledge reporter contribution in the security advisory for the identified vulnerability.
Other
Additional information considered important but has not been covered in the preceding sections.