openproject
YesWeHackView on YesWeHack
1
In Scope
7
Out of Scope
In-Scope Assets (1)
| Asset | Category | Quick Links | |
|---|---|---|---|
| https://github.com/opf/openproject | OPEN-SOURCE | - |
Out-of-Scope Assets (7)
| Asset | Category | |
|---|---|---|
| Any asset that is not explicitly included in our program's scope | OTHER | |
| Any depreciated versions and other versions than the current stable/official version are considered out of scope except if specified otherwise in the program’s rules | OTHER | |
| Any local implementation of the project/implementation belonging to third parties | OTHER | |
| Any third parties’ or Community’s assets that are not explicitly included (e.g. forks, libraries or packages) | OTHER | |
| Development configurations, plugins or images, such as the development or all-in-one docker containers, or running application in non-production modes and configurations. | OTHER | |
| Libraries and protocols with known limitations and gems already in update maintenance (e.g., OmniAuth < 2 CSRF protections, carrierwave) | OTHER | |
| Third parties such as security researchers already involved in active security audits, or already opened reports | OTHER |