So by complete luck I found a huge security bug in Lemmy, as far as I can understand.

How can I test it with the team and disclose it with them?

Edit: I thought it was weird that anyone can access lemmy.ml/setup, but upon further investigation I found that no one can use it for anything other than the admins, and that users can only sign up for a normal account from this page rather than an admin account.

Which means that this is a feature, not a bug.

Overall, I think admins should hide this page to future-proof it from bugs.

Cold Hotman

I would try to contact the head devs, @dessalines@lemmy.ml or @nutomic@lemmy.ml, on Matrix. Lemmy has several official rooms where they hang out.

N01
creator

I don’t have a Matrix account.
